Windows PowerShell includes a number of cmdlets that let you create
commands that refine results. Here's how to use the Where-Object, 
Select-Object, Select-String, ForEach-Object, and Out-GridView cmdlets 
to filter pipeline objects and their data. 
Need to Know

The Great Device Convergence

Microsoft’s move to devices and services was one of the top
stories of the past year. While we tend to focus on the services 
side of the equation when it comes to Microsoft, because 
the transition from traditional software to services is so obvious and 
relatively straightforward, we shouldn’t ignore what’s happening on 
the devices side. Here, too, we see a transition, but it’s going to be 
messier and more confusing. And it’s happening right now. 



Paul Thurrott


The Shifting Market for PCs 

Few reading this need to be told that smartphones long ago started 
outselling traditional PCs and that tablets are poised to do so as soon 
as this time next year. This transition has rocked the industry in ways 
that are only now beginning to be understood. 

From the Microsoft perspective, its previous safe perch atop the PC
market is crumbling. Whereas the firm long enjoyed roughly 90 percent
market share in the market for personal computing devices, it
now owns closer to 20 percent, because that market includes
smartphones and tablets, and not just traditional PCs. (You can check out
my math in “Post-PC: When Will Then Be Now?” if you’re curious
how this works.)

Android Leads the Way

Like the “Internet tidal wave” before it, the proliferation of mobile
computing devices happened without Microsoft’s leadership, so the
company once again has been forced to adapt to this change rather than
drive it. The prime beneficiaries, so far—and to be fair, this is
ever-changing—are Samsung and Apple, though of course Google needs a
mention here since Google created the free Android OS that runs most
of the mobile devices made today. In fact, Android market share stands
to be three times the size of either Windows or Apple iOS by 2017.

The reasons for Android’s successes here are roughly analogous to
what drove Windows to fame and fortune decades ago. It’s a low-cost
(in this case, free) alternative offered by numerous third-party
hardware makers who are battling each other and high-priced incumbents
who either license their own solution (Microsoft) or sell directly to
users (Apple). From a pricing perspective, it’s a race to the bottom,
and since Android is essentially free to device makers, it’s a more
economical solution than any Windows version.

Chromebooks Chip Away from the Bottom 

Google also makes a free web browser-based OS called Chrome OS, 
which it too gives away for free. This OS is used mostly on laptop-like 
devices called Chromebooks that can be sold at very low prices, in 
the $250 range typically. 

Chromebooks have already seen some initial sales successes, and
with most of Microsoft’s PC maker partners seemingly signing on
to make these netbook-class wonders each month, it’s perhaps not
surprising that Microsoft has turned its “Scroogled” ad campaign
sights on the devices in recent days. Chromebooks are insidious
because they look like laptops, and they signal to the uninformed that
they can have a productivity machine for cheap.

More to the point, Chromebooks could continue the price dissolution
of the PC market that started with netbooks. Even if they aren’t
directly successful, they could still have a devastating impact on the
traditional PC, which is Microsoft’s last stronghold in this new
personal computing market.

The Evolving PC Market 

So that’s the situation that Microsoft finds itself in as we begin 2014. 
A market that was previously comprised of just desktop and laptop 
computers now includes a startling range of devices in a variety of 
sizes and form factors, and it’s only going to get more confusing as 
we move forward. 

In the smartphone market, Android continues racing ahead, and
now controls over 80 percent of sales thanks to the sheer variety of
device types offered by hardware partners. Apple’s iPhone continues
falling, from a market share perspective—though it’s growing sales
as the overall market grows—and Windows Phone is bringing up the
rear with just 4 percent of all smartphone sales.

On the tablet front, Android is edging toward dominance with
roughly 65 percent of the market. Here, too, Apple is falling behind
because of its high prices and lack of product range. Microsoft makes
a negligible dent in this market and controlled just 3.5 percent of this
market in 2013.

PCs are getting attacked by Chromebook on the low end, by Macs
on the high end, and by tablets all around. This market is contracting,
is much smaller than the smartphone market, and could be smaller
than the tablet market soon. So it’s no surprise that Microsoft is
mixing things up. Again.

Microsoft's Response to Device Convergence 

Windows 8 was Microsoft’s first, pained push into this new world, 
and there’s little reason to reiterate the many problems this dual-use 
design product caused with both customers and partners. It was a 
response to the surge in tablets, where, in Microsoft’s view, Windows 
could become a platform for these hot new devices. The problem is 
that the market is continuing to change. 

Devices such as the original iPad, now thought of as “full-sized 
tablets,” are being outsold, overwhelmingly, by so-called mini-tablets 
with smaller screens. Do these mini-tablets compete with full-sized 
tablets any more directly than do full-sized tablets with PCs? It doesn’t 
matter: They’re all personal computing devices, and the sale of one 
type could take away from the sale of another. 

To address this explosion in mini-tablets, Microsoft specially 
adapted Windows, and those changes came as part of Windows 8.1. 
This release supports portrait mode, for use like an e-reader. 

For smartphones, conversely, the growth part of the market is in
so-called phablets, those phones with screens larger than 5". (Most
phablets have 5.5" to 6" screens currently.) Here, Microsoft has also
responded by adding support to Windows Phone 8 for 5" to 6" screens
running at 1920 x 1080 (1080p), meeting the Android threat. (Apple,
thus far, has ignored the phablet craze, for some reason.)

At some point, phablets and mini-tablets are going to meet in the
middle. A device like the Nokia Lumia 1520, which sports an enormous
6" screen, is clearly too big to be used as a phone by many, and
it’s pretty close in size to 7" devices like the Google Nexus 7. But it’s
a phablet—that is, a large smartphone—and not a tablet.

So Microsoft is adapting Windows yet again. We don’t know the
full details, but as I noted in “A New Hint About Microsoft’s One
Windows Vision,” Microsoft executive vice president Julie Larson-Green
told a recent tech conference that three versions of Windows—
Windows RT, Windows Phone, and “full” Windows—were too much.
“We’re not going to have three,” she said.

My expectation is that the ARM-based versions of Windows—RT
and Phone—are merging into a single product. This makes sense for
many reasons. The types of devices on which Windows runs seem
to be growing rapidly. Instead of addressing changing market needs
belatedly, as it did with mini-tablet support in Windows 8.1 and
Windows Phone’s support for phablets, Microsoft can build functionality
onto a single core Windows release.

What also needs to happen—and there are rumors that new Microsoft
OS chief Terry Myerson has floated this possibility with hardware
partners—is for Windows licensing fees to come down. Microsoft
can’t command the high prices that Apple does, so a high-margin
luxury market play doesn’t make sense. But it’s getting killed in the
volume part of the market by Android. Prices need to drop.

One possibility is that the OS could be free on phone and phone-like
devices and offered at only a minimal cost on tablets. But that’s
just speculation at this point.

Everything Is Changing

Although users seem to be embracing using multiple devices, it’s hard
not to imagine some strange scenarios that will unfold in the coming
years. Whereas many will carry separate smartphones, tablets, and
PCs, many more will consolidate and lighten the load. For example,
if a phablet-class device were powerful enough to be used as a PC,
why not carry that device with you at all times and connect it to a
docking station at work?

This move to mobile devices puts pressure on the Windows desktop,
which will most likely be relegated to x86-class hardware only,
or what we might now think of as traditional PCs. With virtual desktop
infrastructure (VDI) coming to the cloud, this move from the
Windows desktop might be accelerating: Many users can access their
aging desktop applications through remote virtual instances. (Check
out “Amazon takes Virtual Desktop to the Cloud” for more about this
solution, which isn’t isolated to Amazon.)

As we start 2014, Microsoft and its partners offer a wealth of options
at various price points and in various form factors. We have Windows
Phone handsets of all sizes, primarily from Nokia, which will become
part of Microsoft early this year. We have Windows-based mini-tablets,
tablets, hybrid and transforming PCs, touch-based Ultrabooks, laptops,
desktops, all-in-ones, and more. Even the Xbox One, which utilizes
versions of Hyper-V and Windows 8 at its core, is ostensibly a
Windows-based PC for the living room.

Moving forward, wearable and even human-embeddable technology
will go mainstream. I have no doubt that Microsoft will adapt
Windows for health-monitoring bracelets, digital glasses, smart
watches, and whatever Jetsons wizardry you can imagine. Making
the platform more easily adaptable to new usage scenarios will only
allow this to happen more seamlessly and quickly.

Introducing the Pipeline to ForEach

Warming up to more complex Active Directory one-liners

Last month, in “Where-Object and the Pipeline,” I showed you
PowerShell’s pipeline and the pipeline’s Secret Name ($_). In
previous columns, you’ve seen how the pipeline can let you
combine two Active Directory (AD) cmdlets and get some non-trivial
work done, such as the following combination that would find all
users who haven’t logged on in 90 days, then disable their accounts:

search-adaccount -usersonly -AccountInactive -timespan "90" |
disable-adaccount

Although that “one-liner” looks simple, it masks a bit of complexity 
that can’t remain masked if we want to tackle other one-liners that 
are only mildly more complex. 

Consider the following problem: In auditing your AD environment,
you find that although your user accounts have their first names,
middle initials, and last names properly entered in their correct
attributes, the DisplayName attribute is empty. You’d like to populate it.
The names of the attributes for first name, middle initials, and last
name are respectively called givenname, initials, and sn (I’m pretty
sure there was drinking going on when the X.500 committee came
up with those names!), and you’d like to automatically construct a
DisplayName out of those three attributes for each user, fixing a flaw
in your otherwise-tidy AD implementation. (OK, it’s a bit contrived,
but it’s non-trivial enough to be a good example.)

To do that, you need to understand a command called ForEach-Object,
which has the aliases foreach and % (yep, just a simple percent
sign). Like the For command I showed you years ago, it’s one of
those PowerShell cmdlets that takes a useful one-off tool and makes
it a “power tool.” ForEach works like this:

<commands that load up the pipeline> | foreach { <cmdlets that
do something with the pipeline contents> }

How do you load up a pipeline? Every time you run a cmdlet that
produces any information at all, you stuff things in a pipeline. (If you have
15 users, typing get-aduser -filter * will put 15 objects in the pipeline.)
But a simpler way to load a pipeline is to just enter some pieces of data
on the command line, separated by commas. For example, type

1,"orange",77 

press Enter, and you’ll see three lines: one for 1 by itself, one for 
orange, and one for 77. 

In that case, I just loaded the pipeline but did nothing else. Whenever 
you do that, PowerShell says, “Hmm, nothing more to do,” and writes 
the objects in the pipeline to the screen. To do something more complex, 
you need ForEach. After the ForEach statement, PowerShell needs one 
or more cmdlets between a left and right curly brace with semicolons 
between each cmdlet—a structure that PowerShell calls a scriptblock. 
Another simple example is

"Wally",7,33,"Cloud" | foreach { "There's something in the pipeline" }

Type that, and There’s something in the pipeline will appear four times 
on the screen. Put simply, PowerShell first filled the pipeline with the 
four objects, then handed that filled pipeline to ForEach. 

But understanding what ForEach does and how it does it is important
to getting the most out of the command, so let’s take this slowly.
One at a time, ForEach takes the next object in the pipeline and does
three things with that object. First, it temporarily stores the object
in PowerShell’s pipeline variable, $_. Second, it executes whatever
cmdlets are in the scriptblock. Third, it discards the object, getting
ready to go back and grab the next one.

Thus, in this case, ForEach first grabs "Wally", stuffs it in $_, then
does what the scriptblock says to do, which is extremely simple:
displays There’s something in the pipeline on the screen. (Notice that
ForEach ends up not making any use of $_. That’s OK, again due to
the simplicity of the example.) ForEach then throws "Wally" away,
grabs the number 7, puts it in $_, displays There’s something in the
pipeline on the screen, then discards the 7. It does it all again with 33
and "Cloud", and then the pipeline is empty, and it’s done.

But now, try a small change in the scriptblock: 

"Wally",7,33,"Cloud" | foreach { "Pipeline contains:" + $_ } 

Run that and you’ll see a different line every time, such as 

Pipeline contains:Wally 
Pipeline contains:7 

and so on. The difference is that this time around, instead of
unchanging, static text, you added $_, which changes every time. (The plus
sign means “stick the static text "Pipeline contains:" string and
whatever is currently in $_ together.” Techies call this concatenation.)

Yes, those are trivial examples, but I hope they’ve given you a feel
for how ForEach works so that I can start showing you its power as we
tackle the DisplayName cleaning task. See you next time!
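
The DisplayName task set up above, worked through with ForEach-Object as an added example (it is not code from the column). The three users are constructed sample objects, New-DisplayName is a hypothetical helper, and the commented-out directory form assumes the ActiveDirectory module is loaded.

```powershell
# Constructed sample data standing in for Get-ADUser output. The property
# names mirror the givenName, initials and sn attributes named in the text.
$users = @(
    [pscustomobject]@{ SamAccountName = 'wsmith';  givenName = 'Wally'
                       initials = 'Q';   sn = 'Smith';  DisplayName = $null }
    [pscustomobject]@{ SamAccountName = 'jdoe';    givenName = 'Jane'
                       initials = $null; sn = 'Doe';    DisplayName = $null }
    [pscustomobject]@{ SamAccountName = 'cstrife'; givenName = 'Cloud'
                       initials = 'S';   sn = 'Strife'; DisplayName = 'Cloud S. Strife' }
)

# Hypothetical helper: build "First M. Last" and skip any part that is empty,
# so a user without a middle initial does not end up with a double space.
function New-DisplayName {
    param($User)
    $parts = @($User.givenName)
    if ($User.initials) { $parts += $User.initials.TrimEnd('.') + '.' }
    $parts += $User.sn
    # This $_ belongs to the inner pipeline, not to the caller's ForEach-Object.
    ($parts | Where-Object { $_ }) -join ' '
}

# Each user lands in $_ in turn. Accounts that already have a DisplayName are
# filtered out first, so existing values are never overwritten.
$users |
    Where-Object { -not $_.DisplayName } |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName      = $_.SamAccountName
            ProposedDisplayName = New-DisplayName -User $_
        }
    }

# The same pipeline against a directory. -WhatIf previews each write without
# making it; remove it only after reviewing the preview.
# Get-ADUser -Filter * -Properties givenName, initials, sn, DisplayName |
#     Where-Object { -not $_.DisplayName } |
#     ForEach-Object {
#         Set-ADUser -Identity $_ -DisplayName (New-DisplayName -User $_) -WhatIf
#     }
```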

Top 10 Free Microsoft eBooks

Free is always a great price! In the Internet era, more and more
great—and completely free—IT information resources are
available all the time. Not surprisingly, one of the most prolific
providers of IT information is Microsoft. Microsoft offers an
excellent collection of free ebooks—far too many to list in this column.
These ebooks cover IT topics such as Windows Server 2012, SQL
Server, SharePoint, Exchange Server, Office, and development. Most
of these ebooks are available in PDF format, and some are also
available in EPUB and MOBI formats. Here are 10 of the top (free)
Microsoft ebooks.

(1) Introducing Windows Server 2012 RTM Edition

As you would expect, Introducing Windows Server 2012 RTM Edition
covers all the new features in Windows Server 2012. The new
version of this ebook is completely up-to-date and includes the latest
release to manufacturing (RTM) enhancements in Server 2012. It
covers all the new virtualization, networking, and storage
enhancements.

(2) Introducing Microsoft SQL Server 2012

This ebook covers the latest SQL Server 2012 release. The first part
covers database administration and provides a guide to the various
editions of SQL Server, as well as the new AlwaysOn high
availability features. Introducing Microsoft SQL Server 2012 also covers
business intelligence (BI) development and provides a guide to the SQL
Server 2012 Business Intelligence subsystems, including Integration
Services, Data Quality Services, Master Data Services, Analysis
Services, and Reporting Services.

(3) Office 365 Guides for Professionals and Small Businesses

Office 365 is becoming one of Microsoft’s real cloud success stories;
Office 365 Guides for Professionals and Small Businesses covers setting
up and using Office 365 in a small business environment. Subsequent
chapters dive into the details such as setting up users’ accounts,
document and calendar sharing, and domain and phone integration.

(4) Governance Guide for Microsoft SharePoint Server 2010 

Governance Guide for Microsoft SharePoint Server 2010 first introduces 
the concepts of governance, then introduces the SharePoint governance 
tools. The remainder of the ebook explains the details of establishing 
SharePoint services and implementing information architectures. 

(5) Windows Azure Prescriptive Guidance

Considering Microsoft’s push to the cloud, it’s no surprise that the 
company offers a collection of Windows Azure resources. Windows 
Azure Prescriptive Guidance covers planning and designing Windows 
Azure applications, messaging, and Azure integration with BizTalk 
and Visual Studio. 

(6) Windows Azure and SQL Database Tutorials 

This ebook provides a set of tutorials designed to teach you how to 
use Windows Azure SQL Database. Windows Azure and SQL Database 
Tutorials includes information about using the Windows Azure web role 
and setting up a Windows Azure SQL database. It also covers advanced 
capabilities, such as creating an OData service, using the Windows 
Azure BLOB service, and using the Windows Azure worker role. 

(7) TCP/IP Fundamentals for Microsoft Windows

Understanding TCP/IP is one of the core skills of the Windows
administrator. TCP/IP Fundamentals for Microsoft Windows covers
only Windows Server 2008 and not Server 2012, but the coverage of
TCP/IP concepts is good. The book provides an overview of TCP/IP
and the Windows Server implementation and tools, and subsequent
chapters dive into IPv4, IPv6, subnetting, DHCP, and DNS. Finally,
the book explains several configuration scenarios.

(8) Microsoft Lync Server 2010 Resource Kit

Unlike the other ebooks in this column, Microsoft Lync Server 2010 
Resource Kit is delivered as a set of 19 chapters in a zip file, and each 
chapter is a separate Word document. Each chapter covers a different 
Lync technology, including Lync addressing services, archiving and 
monitoring, client administration, direct Session Initiation Protocol (SIP), 
external user access, instant messaging, and SharePoint integration. 

(9) Programming Windows 8 Apps with HTML, CSS, and JavaScript

No set of Microsoft ebooks would be complete without Windows
client programming books. Programming Windows 8 Apps with HTML,
CSS, and JavaScript tells you how to create Windows 8 applications
using standards-based technologies such as HTML5, CSS, and
JavaScript. The book provides a quick start to building Windows 8 apps
with Blend for Visual Studio and discusses app anatomy, page
navigation and layout, keeping track of app state, and using sensors.

(10) Own Your Future

Not all Microsoft ebooks are about technologies. There are also a few 
ebooks, like this one, that cover IT careers. Own Your Future covers 
charting career growth and points out opportunities for education, 
certification, and business skill enhancement. 

Unfortunately, there’s no one place that I know of where you can find 
listings for all the free Microsoft ebooks. Microsoft’s Eric Ligman has 
compiled a Huge Collection, a Large Collection, and Another Large 
Collection of Free Microsoft eBooks in his blog. You can also check 
out Microsoft’s E-Book Gallery for Microsoft Technologies.

Kerberos Might Not Be Dead, but It’s Not Feeling Well

Goodbye shared secret authentication, hello claims from trusted authorities!

At the 2012 Cloud Identity Summit, Kuppinger Cole analyst Craig
Burton declared, “SAML [Security Assertion Markup Language]
is dead.” SAML is the most broadly adopted authentication
standard in the web services world, so this pronouncement caused
quite a stir. The debates that followed established that, no, SAML isn’t
dead, but future implementations are looking toward other standards,
such as OAuth 2.0, OpenID Connect, and SCIM. In other words, the
growth of SAML-based services is slowing and will continue to slow
down. (Burton’s fellow analyst Dave Kearns has a good summary of the
“SAML is dead” debate.) Some other folks have since used the “XXX
is dead” meme, most notably for the XACML authorization standard.

At the risk of being accused of jumping on Burton’s very long coat
tails, Kerberos faces this same situation. Standards have a lifecycle.
They rise when existing standards don’t meet the needs of modern
use cases. They very slowly fade into the sunset when a new set of
requirements evolve that the standard can’t adapt to, and a new
standard emerges. Kerberos is on the cusp of that long slow slide.


Authentication in the Enterprise 

Today, Kerberos dominates the enterprise universe. This security
protocol first appeared in 2000, when Windows 2000 Server and its Active
Directory (AD) security component were released, and as AD and
AD-enabled applications grew in market share, so did the use of
Kerberos. It’s been the primary security protocol for the Microsoft-centric
world ever since; it handles authentication and passes authorization
data to domain resources.

When Kerberos was chosen to be AD’s authentication protocol in
the mid- to late-1990s, the World Wide Web was a shadow of what
the Internet offers today. Although the Kerberos ticket contained an
encrypted password hash that could be attacked, there wasn’t any
substantial requirement to provide support outside the highly
protected corporate firewall.

Authentication in the Web Services World 

The rise of cloud services is changing many aspects of our lives, and
these services don’t support external authentication via Kerberos
because of that password vulnerability. If a web service uses standards,
it handles claims-based authentication using SAML 2.0 or,
increasingly, OAuth 2.0 and OpenID Connect. Microsoft’s own Azure Active
Directory doesn’t use Kerberos; it supports SAML and OAuth 2.0 as its
authentication protocols.

I don’t mean to imply that web services have implemented
authentication standards in the same thorough way that the closed Windows
Server security model has implemented Kerberos. Far from it! Web
services have standards—but actually implementing them is another
matter. Getting cloud service providers to adopt standards is like
herding cats; a quick review of the hundreds of SaaS apps available on
OneLogin’s IDaaS portal shows that only a very small percentage
support identity federation standards. The rest support only form-based
authentication—in other words, a user ID and password. That’s why it’s
so important that customers help drive standards adoption to reduce the
password proliferation that has us all grinding our teeth in frustration.

Microsoft and Its Cloud Commitment 

Even within the Microsoft ecosystem, software architectures are
moving away from Kerberos due to the cloud. In addition to their
on-premises versions, Microsoft partners are developing hybrid or
web-only versions of their products. Microsoft itself is “all in” to the
cloud, and is driving aggressively forward in its cloud services
portfolio and (at a slower pace) its support of cloud identity standards.
AD itself is a perfect example.

In Windows Server 2012 R2, the most significant enhancements
to the AD platform were made to Active Directory Federation
Services (AD FS), not Active Directory Domain Services (AD DS). AD FS
extends AD DS’s reach to the world of web-based services that
support SAML 2.0 and—in Windows Server 2012 R2’s AD FS
implementation—OAuth 2.0. (Think of AD FS as the teenager translating new
technology to the AD DS adult who just doesn’t understand it.) The
largest identity-related scenario in Windows Server 2012 R2 focuses
on the capability to access web-based corporate resources from iOS
devices inside or outside the corporate network. Also referred to as
Workplace Join (one of the scenario’s features), it only works for
web-based resources such as websites like Outlook Web Access
(OWA) that use Integrated Windows Authentication (IWA), or servers
like SharePoint that now support claims-based authentication. Server
Message Block (SMB) and Kerberos are not supported in this
scenario. A friend calls this rise in web-friendly, on-premises services
“the SaaSification of the enterprise.”

I'm Not Dead Yet! 

Like SAML, Kerberos isn’t going away any time soon. As long as there 
are AD DS domains and forests, there’s a place for Kerberos. Even in 
the unlikely event that on-premises AD DS forests are cut down in 
favor of cloud services, innumerable forests will live on in public cloud 
IaaS installations. But developers are increasingly turning their focus to 
cloud services at the expense of on-premises applications. 

This also means that you, the IT pro, need to be able to
understand these new standards, at least from a configuration and support
viewpoint. The better you can translate this different world to your
management, the more valuable you’ll be.

Windows Azure Active Directory PowerShell

PowerShell code snippets that can save you time, energy, and frustration

It seems like “The Cloud” is all we hear about these days, and it’s
often capitalized as if it were a single monolithic thing. But it’s
not a single entity. There are many clouds, including the Windows
Azure Active Directory (WAAD) cloud and Microsoft Office 365 cloud,
both of which offer a vast array of services. You can use the services
to augment your on-premises capabilities, or you can migrate to them
en masse, without having to go through the hours of project planning
and incremental rollout phases that many service additions to a
business would require.

It might surprise you to learn that Microsoft Support engineers
have, at best, limited access to the cloud rendition of your
environment. This is primarily a result of efforts to make your data private,
inaccessible, and inviolate. What this means is that we often have
to glean whatever we can using our customers’ on-premises context
(with their consent) and the automated tools that can run in that
context. The best tools that can run in an on-premises context are
the Microsoft Online PowerShell tools, which we package together in
Support Diagnostics Packages.

I’ll go over several common support scenarios that we see and the
Windows PowerShell techniques we use in our diagnostics to scope
the problem or identify the tenant configuration and ultimately get us
closer to problem resolution. I’ll first discuss what you need to know
when working with tenants and domains. Afterward, I’ll discuss what
you need to know when working with specific users. This information
can be handy if you administer your company’s Microsoft Online
Services tenant or if you’re a Microsoft partner and need to get up to
speed quickly on the status of a domain that you’re hosting.

Tim Springston is a senior support escalation engineer in the
Commercial Technical Support team at Microsoft, where he is the
lead for security and authentication.

“Password synchronization can seem like a big black box to an
administrator.”

What Would Microsoft Support Do?

Windows IT Pro / January 2014
WWW.WINDOWSITPRO.COM

Note that all the code snippets you’ll see here must be preceded by
code to connect with and authenticate to Microsoft Online Services.
Here’s an example of connection and authentication code:

$Creds = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $Creds `
    -WarningAction SilentlyContinue

This code requires that the Windows Azure Active Directory Module
for Windows PowerShell be installed, which you can obtain from your
online portal administration pages. Note that the back tick (`) in this
code and in many of the article’s listings means that the executing
PowerShell line is continued to the next line. Also note that the code
doesn’t use aliases. Although aliases are convenient, it’s easier to
learn from the actual cmdlet names. You can download the article’s
listings by clicking the Download button.

Getting Useful Tenant and Domain Information 

Let’s start with getting the top-level domain information. A Microsoft
Online Services tenant—no matter whether it’s a WAAD or Office
365 tenant—can have multiple domains. Each domain must have a
customer-owned public namespace (such as contoso.com). It might
also have single sign-on (SSO) integration. SSO means a federated
trust, where an on-premises identity solution such as Active
Directory Federation Services (ADFS) provides a seamless authentication
and authorization experience to resources, no matter whether those
resources are in the cloud or in the local enterprise environment.

First, we use the code in Listing 1 to determine whether a particular
domain has been verified to prove that the tenant owner owns
that namespace. This is important because no other domain
configurations (e.g., configuring the domain for SSO or directory
synchronization) can occur until the domain is verified.

In Listing 1, we use the Get-MsolDomain cmdlet to create an array
and place each domain in the tenant in the array. We then iterate
through the domains (which is handy because we don’t know how
many domains the tenant has) and determine whether that domain’s
Status property is set to Verified or Unverified. Verified means that
the tenant owner has proven that it owns that DNS namespace on the
Internet by placing a specific file in its forward lookup zone.
Unverified means that the forward lookup zone has never been proven to be
one that the tenant owns.

Next, we check to see whether a particular domain is SSO enabled
using the code snippet in Listing 2. In this snippet, we again use the
Get-MsolDomain cmdlet to build an array of domains. We then iterate
through all of them and check whether each domain’s authentication
type is Managed or Federated. Managed means that there’s no
federated SSO for the cloud to redirect back to. Federated means that domain
is configured to redirect SSO users to the on-premises ADFS server.
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Checking Directory and Password Synchronization 

Another common operation that we perform is to see whether WAAD 
synchronization is being used. Listing 3 shows the code that we use. As 
you can see, the code uses the Get-MsolUser cmdlet to query all users, 
then filters the results with the -Synchronized switch. If no users are 
returned, we know that directory synchronization has never been used. 

Next, we determine whether the local directory synchronization 
server supports password synchronization using the function in 
Listing 4. This function must be run on the server where WAAD 
Directory Synchronization (DirSync) is installed. 
Listing 4: Function to Check Whether the Local Directory Synchronization Server Supports Password Synchronization

function CheckDirSyncPwdSyncSupport {
    $LegacyDirSyncPath = $env:ProgramFiles + "\Microsoft Online Directory Sync"
    $NewDirSyncPath = $env:ProgramFiles + "\Windows Azure Active Directory Sync"

    # Determine the correct file path for the install.
    if (Test-Path $LegacyDirSyncPath) {$DirSyncPath = $LegacyDirSyncPath}
    if (Test-Path $NewDirSyncPath) {$DirSyncPath = $NewDirSyncPath}

    # Neither install path exists, so there is no DirSync version to check.
    if (-not $DirSyncPath) {return $false}

    # Executable path
    $DirSyncExePath = $DirSyncPath + "\Microsoft.Online.DirSync.Scheduler.exe"

    # Get install version.
    $DirSyncVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($DirSyncExePath).FileVersion

    # Version that supports password sync
    $DirSyncPwdVer = "1.0.6385.0012"

    # Compare as [version] objects. A plain string comparison is
    # character by character and would rank "1.0.10000.0" below
    # "1.0.6385.0012".
    if ([version]$DirSyncVersion -ge [version]$DirSyncPwdVer) {return $true}
    else {return $false}
}

$PwdSupport = CheckDirSyncPwdSyncSupport
if ($PwdSupport -eq $true)
    {"The DirSync server supports password synchronization."}
else
    {"The DirSync server does not support password synchronization."}
The function in Listing 4 first checks to see where the DirSync binaries
are installed by doing some path checks with the Test-Path cmdlet.
(This step is needed because the paths changed between DirSync versions.)
The function then constructs the path string to the
Microsoft.Online.DirSync.Scheduler.exe file and checks its file version.
If the version is greater than or equal to 1.0.6385.0012, we can conclude
that the server supports password synchronization.

Getting Handy User-Specific Information 

Getting the specifics about a user’s configuration can be handy. Here’s 
the information that we commonly look at and how we get it. 

We first check to see whether a particular user has synchronized 
with the Microsoft cloud. If so, we then check to see when the last 
synchronization occurred. This information is invaluable for Exchange
Online mailbox provisioning scenarios. The reason is that mailbox
provisioning (or some updates) for existing on-premises users can’t
occur until the user has done a directory synchronization from
on-premises to the cloud. So, finding out whether the user has
ever synced and, if so, when the last one occurred can tell you where 
the user is in the mailbox provisioning process. Listing 5 shows the 
code to get this information. 


Listing 5: Code to Check Whether a Particular User Has Synchronized with the Microsoft Cloud and When the Last Synchronization Occurred

$UserPrincipalName = Read-Host "Enter the user principal name of the user to check."
$User = Get-MsolUser -UserPrincipalName $UserPrincipalName

if ($User.ImmutableId -eq $null)
{
    # Print the name that was entered. "$User.UserPrincipalName" inside a
    # double-quoted string would expand $User only, not the property.
    Write-Host "The user $UserPrincipalName is not a DirSync user."
}
else
{
    $UserUPNString = $User.UserPrincipalName.ToString()
    $UserDirSyncTimeString = $User.LastDirSyncTime.ToString()
    Write-Host "The user $UserUPNString is a DirSync user and last synchronized $UserDirSyncTimeString."
}


Synchronizing Passwords 

Password synchronization can seem like a big black box to an administrator.
The script in Listing 6 can help clear things up a bit so you don’t
have to look in several different places to find out whether a password 
has been synced. This PowerShell script automatically checks all the 
different locations for the user principal name (UPN) you supply. 


Listing 6: Script to Find Out Whether a Password Has Been Synced

# Escape LDAP filter metacharacters so the name typed at the prompt is
# always treated as a literal value in the search filter.
function EscapeLdapValue
{ param ($value)
    return $value.Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29')
}

function GetPwdLastSet
{ param ($username)
    $searcher = New-Object DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(samaccountname=$(EscapeLdapValue $username)))"
    $results = $searcher.FindOne()
    $Time = [datetime]::FromFileTime($results.Properties.pwdlastset[0])
    return $Time
}

function GetUserDN
{ param ($username)
    $searcher = New-Object DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(samaccountname=$(EscapeLdapValue $username)))"
    $results = $searcher.FindOne()
    $DN = $results.Properties.distinguishedname[0]
    return $DN
}

# Prompt for username to search AD for.
$username = Read-Host "Enter the username of the user to check in samaccountname format."
$OnPremisesPasswordTime = GetPwdLastSet $username
$UserDN = GetUserDN $username
$PasswordSynced = $False

# -match takes a regular expression, so the DN is escaped to keep
# characters such as parentheses in a DN from changing the match.
Get-EventLog "Application" |
    Where-Object {(($_.EventID -eq 657) -and
        ($_.Message -match ([regex]::Escape($UserDN))) -and
        ($_.TimeGenerated -gt $OnPremisesPasswordTime))} |
    % {
        # If event is found, set status to $True since the
        # password has synced to the cloud successfully.
        $PasswordSynced = $True
        $TimeString = $_.TimeGenerated.ToString()
        Write-Host "The password for user $username has synced to the cloud since the last password change on-premises. It last synced successfully $TimeString"
    }

if ($PasswordSynced -eq $false)
    {Write-Host "The user $username has not synced to the cloud since the last on-premises password change."}


You must run the script on the directory synchronization server,
although you could add remote capability to it. This script performs
an LDAP query against the on-premises AD to see when the specified
user (which you supply at the console) last changed his or her
password. The script then searches through the Application event log for:

• The user’s distinguished name (DN), which must be unique
according to AD rules

• The event ID of 657, which is the event that signifies a Success
event for the password sync

• The time index for event 657, which needs to be after the time
index for the on-premises password change

This script is run entirely on-premises and requires elevated privileges,
such as Domain Administrator for the domain.

Determining Whether a User Is a Tenant Administrator 

Determining whether a user is a Tenant Administrator (also known 
as a Company Administrator) is useful in scenarios in which there’s a 
problem with the on-premises ADFS server. Any Tenant Administrator 
who is enabled for SSO will be redirected back to that server and, as 
a consequence, be caught in a catch-22 situation with sign-on failing. 
So, finding the Tenant Administrator account that isn’t also using SSO 
can help get you out from between a rock and hard place. (If all three 
situations—the user is a Tenant Administrator, the user is SSO enabled, 
and the on-premises ADFS server is having problems—are occurring, 
the user account can’t be used. The reason is that the user is redirected
to the on-premises ADFS server for sign on, but that server isn’t
functioning. So, finding a user account that’s a Tenant Administrator 
but not SSO enabled is a way to save your bacon, so to speak.) 

You can use the script in Listing 7 to determine whether a user is
a Tenant Administrator. This script uses several cmdlets to retrieve
information. For example, it first uses the Get-MsolRole cmdlet to get
the globally unique identifier (GUID) for the Company Administrators
group, then uses that GUID with the Get-MsolRoleMember cmdlet to
query the group’s membership. After the script has the list of members,
it looks through the list for a user that has an email address that
matches the UPN that was supplied. This routine will work well for
other roles, too. Simply look through the output returned by the
Get-MsolRole cmdlet and use the desired role’s GUID instead.

Listing 7: Script to Determine Whether a User Is a Tenant Administrator

$username = Read-Host "Enter the username of the user to check in userprincipalname format"
# The pattern that followed -notmatch is missing from this copy of the
# listing. The simple name@domain check below is an assumption.
if ($username -notmatch '^[^@\s]+@[^@\s]+$')
    {$username = Read-Host "Incorrect format for user entered. Enter the username of the user to check in userprincipalname format" }

$UserInfo = Get-MsolUser -UserPrincipalName $username -ErrorAction SilentlyContinue
$MSOLRole = Get-MsolRole
$IsTenantAdmin = $false

# Compare only when the user was found. Otherwise a role member with no
# email address would match the empty UPN of a missing user.
if (($MSOLRole -ne $null) -and ($UserInfo -ne $null))
{
    # Select the role by name rather than by its position in the list.
    $AdminRoleGUID = ($MSOLRole | Where-Object {$_.Name -eq "Company Administrator"}).ObjectId
    $AdminRoleMembers = Get-MsolRoleMember -RoleObjectId $AdminRoleGUID

    # Compare member lists to see if the
    # current user is a member.
    ForEach ($AdminRoleMember in $AdminRoleMembers)
    {
        if ($AdminRoleMember.EmailAddress -eq $UserInfo.UserPrincipalName)
            { $IsTenantAdmin = $True}
    }
}

if ($IsTenantAdmin -eq $true)
    {Write-Host "The user $username is a tenant administrator."}
else {Write-Host "The user $username is not a tenant administrator."}
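
The domain authentication check described earlier (Managed versus Federated, from Get-MsolDomain) and the role-membership check above can be combined to answer the question this section raises: which Tenant Administrators could still sign in if the on-premises ADFS server were down. The following is an added example, not one of the article's listings; the function name Get-AdminSignOnDependency and the sample objects are hypothetical and constructed, and it assumes role members expose DisplayName and EmailAddress and domains expose Name, Status, and Authentication.

```powershell
# Added example, not from the article. The function name and the sample
# objects are hypothetical; the sample data is constructed.
function Get-AdminSignOnDependency {
    param(
        [Parameter(Mandatory = $true)] [object[]] $RoleMember,  # from Get-MsolRoleMember
        [Parameter(Mandatory = $true)] [object[]] $Domain       # from Get-MsolDomain
    )

    # Index the tenant's domains by name (hashtable keys are case-insensitive).
    $domainByName = @{}
    foreach ($d in $Domain) { $domainByName[[string]$d.Name] = $d }

    foreach ($m in $RoleMember) {
        $row = [pscustomobject]@{
            Admin             = $m.DisplayName
            SignInName        = $m.EmailAddress
            Domain            = $null
            DomainStatus      = $null
            Authentication    = $null
            UsableWithoutADFS = $false
        }

        # Members with no address (for example, service principals) cannot
        # be mapped to a domain, so they never count as a fallback account.
        if ($m.EmailAddress -match '@') {
            $row.Domain = ($m.EmailAddress -split '@')[-1]
            $d = $domainByName[$row.Domain]
            if ($d) {
                $row.DomainStatus   = [string]$d.Status
                $row.Authentication = [string]$d.Authentication
                # A Managed domain authenticates in the cloud, so the account
                # does not depend on the on-premises ADFS server.
                $row.UsableWithoutADFS = ($row.Authentication -eq 'Managed')
            }
        }
        $row
    }
}

# Constructed sample data shaped like the two cmdlets' output.
$sampleDomains = @(
    [pscustomobject]@{ Name = 'contoso.com';             Status = 'Verified'; Authentication = 'Federated' }
    [pscustomobject]@{ Name = 'contoso.onmicrosoft.com'; Status = 'Verified'; Authentication = 'Managed' }
)
$sampleMembers = @(
    [pscustomobject]@{ DisplayName = 'Alice Admin';  EmailAddress = 'alice@contoso.com' }
    [pscustomobject]@{ DisplayName = 'Cloud Admin';  EmailAddress = 'cloudadmin@contoso.onmicrosoft.com' }
    [pscustomobject]@{ DisplayName = 'Sync Service'; EmailAddress = $null }
)

$report = Get-AdminSignOnDependency -RoleMember $sampleMembers -Domain $sampleDomains
$report | Format-Table -AutoSize

# Flag the catch-22 the article describes before it happens.
if (-not ($report | Where-Object { $_.UsableWithoutADFS })) {
    Write-Warning "Every Company Administrator signs in through ADFS; none is usable if ADFS is down."
}

# Against a live tenant (after Connect-MsolService), pass real objects:
#   $role = Get-MsolRole -RoleName 'Company Administrator'
#   Get-AdminSignOnDependency -RoleMember (Get-MsolRoleMember -RoleObjectId $role.ObjectId) `
#       -Domain (Get-MsolDomain)
```

Running it on a schedule and alerting when the warning fires keeps at least one non-federated administrator account available for ADFS outages.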
Determining Whether a User Is Licensed
for Specific Microsoft Online Services

Licensing is a complex area. Getting a user’s licensing details displayed
in front of you can help you rule out the common problem of
users not having a particular service working simply because they
aren’t licensed for it.

The code in Listing 8 determines whether a user is licensed for specific
Microsoft Online Services. It simply looks through the returned
licensing information for the user and matches the GUID associated
with a specific service license. The script displays the results, which
include human-readable labels for the service licenses, as shown in
Figure 1. Note that Success means the user is licensed for a service.
Any other result (e.g., PendingInput, Disabled) means that the user
isn’t licensed.

Listing 8: Code to Determine Whether a User Is Licensed for Specific Microsoft Online Services

$username = Read-Host "Enter the username of the user to check in userprincipalname format"
# The pattern that followed -notmatch is missing from this copy of the
# listing. The simple name@domain check below is an assumption.
if ($username -notmatch '^[^@\s]+@[^@\s]+$')
    {$username = Read-Host "Incorrect format for user entered. Enter the username of the user to check in userprincipalname format" }

$UserInfo = Get-MsolUser -UserPrincipalName $username -ErrorAction SilentlyContinue

$LicenseDetails = New-Object PSObject
Add-Member -InputObject $LicenseDetails `
    -MemberType NoteProperty -Name "User License Details" `
    -Value $username

# Only the first license assigned to the user is examined.
$Licenses = $UserInfo.Licenses[0].ServiceStatus
ForEach ($License in $Licenses)
{
    switch ($License.ServicePlan.ServicePlanId)
    {
        'bea4c11e-220a-4e6d-8eb8-8ea15d019f90' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "RMS_S_ENTERPRISE (Rights Management Service)" `
                -Value $License.ProvisioningStatus}
        '43de0ff5-c92c-492b-9116-175376d08c38' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "OFFICESUBSCRIPTION (Office Professional Plus)" `
                -Value $License.ProvisioningStatus}
        '0feaeb32-d00e-4d66-bd5a-43b5b83db82c' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "MCOSTANDARD (Lync Online)" `
                -Value $License.ProvisioningStatus}
        'e95bec33-7c88-4a70-8e19-b10bd9d0c014' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "SHAREPOINTWAC (Microsoft Office Web Apps)" `
                -Value $License.ProvisioningStatus}
        '5dbe027f-2339-4123-9542-606e4d348a72' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "SHAREPOINTENTERPRISE (SharePoint Online)" `
                -Value $License.ProvisioningStatus}
        'efb87545-963c-4e0d-99df-69c6916d9eb0' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "EXCHANGE_S_ENTERPRISE (Exchange Online E3)" `
                -Value $License.ProvisioningStatus}
        '19ec0d23-8335-4cbd-94ac-6050e30712fa' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "EXCHANGE_ENTERPRISE (Exchange Online E2)" `
                -Value $License.ProvisioningStatus}
        '4b9405b0-7788-4568-add1-99614e613b69' {
            Add-Member -InputObject $LicenseDetails `
                -MemberType NoteProperty `
                -Name "EXCHANGESTANDARD (Exchange Online E1)" `
                -Value $License.ProvisioningStatus}
    }
}

$LicenseDetails | FL


User License Details                           : bgreer@tsprin-gs.onmicrosoft.com
RMS_S_ENTERPRISE (Rights Management Service)   : PendingInput
OFFICESUBSCRIPTION (Office Professional Plus)  : Success
MCOSTANDARD (Lync Online)                      : Disabled
SHAREPOINTWAC (Microsoft Office Web Apps)      : Disabled
SHAREPOINTENTERPRISE (SharePoint Online)       : Success
EXCHANGE_S_ENTERPRISE (Exchange Online E3)     : Success

Figure 1: Getting a User's Licensing Details


A Must-Have Skill 

I hope that I have shed some light on the complex administrative world 
of WAAD and Office 365. In general, knowing how to use PowerShell 
is a good thing, but when you’re administering Microsoft cloud assets, 
knowing how to use PowerShell is a must-have skill. The PowerShell 
code snippets I shared will save you time, energy, and frustration. If not, 
please feel free to call us at Microsoft Support. We’re here to help. ■ 
One of the keys to making the most of Windows PowerShell is to
understand how objects and the pipeline work together to let you
retrieve exactly the information that you need. Each command in the
pipeline generates one or more objects and passes them down the
pipeline to the next command in the pipeline. Integral to this process
is the ability to filter the objects and their data as they pass from
one command to the next. To achieve this goal, PowerShell includes a
number of cmdlets that, in one way or another, let you create commands
that refine your pipeline’s output. I’ll discuss five of those
cmdlets—specifically, the Where-Object, Select-Object, Select-String,
ForEach-Object, and Out-GridView cmdlets—and I’ll provide numerous
examples that demonstrate the many ways in which you can filter the
pipeline objects and their data.

The Where-Object Cmdlet 

Where-Object is one of the most commonly used cmdlets in PowerShell 
and probably the one most often used for filtering data. This cmdlet
filters objects passed down the pipeline based on the search criteria you
specify in a script block included with the cmdlet. In other words, the 
script block determines which objects are permitted to continue down 
the pipeline and which are not. 

For example, suppose you want to use the Get-Command cmdlet to 
retrieve only the available cmdlets and no other types of commands. 
To do so, you can pass the Get-Command objects down the pipeline 
to a Where-Object command: 

Get-Command | Where-Object {$_.CommandType -eq 'cmdlet'} 



Robert Sheldon has written numerous books and articles about Windows
technologies, database systems, business intelligence, scripting,
enterprise operations, and consumerization. His books include
Beginning MySQL (Wiley) and SQL: A Beginner's Guide (McGraw-Hill).



As you can see, you specify the Where-Object cmdlet, followed by 
the script block, which is enclosed in curly brackets. The script itself 
is made up of three components: the property on which to filter the 
data (CommandType), a comparison operator (-eq), and the value on
which to base the filter (cmdlet). 

When calling a property in a Where-Object script block, you must 
precede the property name with the $_ symbol, followed by a period. 
The $_ symbol represents the current object in the pipeline. Because 
the Where-Object command is applied to every object as it passes 
down the pipeline, the $_ symbol makes it possible to associate the 
specified property with each object, without having to know the number
of objects being passed down the pipeline and without needing to
differentiate between those objects. 

The next element within the script block is the comparison operator,
which is -eq (equal to) in this case. PowerShell uses characters
for its comparison operators, unlike many languages, which use
arithmetic symbols such as an equals sign (=) or greater than symbol
(>). In addition to the -eq operator, PowerShell supports comparison
operators such as:

• -ne (not equal to)

• -lt (less than)

• -le (less than or equal to) 

• -gt (greater than) 

• -ge (greater than or equal to) 

• -like (like—a wildcard comparison) 

• -notlike (not like—a wildcard comparison) 

• -contains (contains the specified value) 

• -notcontains (doesn’t contain the specified value) 

Although this isn’t a complete list, it covers many of the basics. 
Be sure to check the PowerShell documentation for details about 
the comparison operators that PowerShell supports. Also note that 
PowerShell 3.0 introduced a number of new operators but continues
to support the original operators.

Following the comparison operator is the value to be compared. In 
this case, the value is cmdlet. Because it’s a string, you must enclose it in 
either single or double quotes. The difference between the two options 
is in how variables and special characters are handled. Again, check the 
PowerShell documentation for details about working with string values. 

When taken as a whole, the expression within the script block is 
saying that, for an object to be included in the final results, the value 
of the CommandType property must equal cmdlet. If the values are 
equal, the script block evaluates to True and the object is retained; 
otherwise, it’s filtered out from the other objects. 

Figure 1 shows a partial list of the cmdlets returned. Notice that 
the CommandType column includes only the value Cmdlet, indicating
that the results include only that type of command. If you don’t
include the Where-Object command, the list would include other 
types of commands, such as functions and aliases. 
[Figure 1 screenshot: Get-Command output in three columns (CommandType, Name, ModuleName); every row's CommandType is Cmdlet]



Once you understand the basics of how to build your script block, 
you can switch things around as necessary. For example, the following
statement uses the -ne (not equal to) comparison operator to
compare the property value with the cmdlet value: 


Get-Command | Where-Object {$_.CommandType -ne 'cmdlet'} 


This time around, the results are quite different and include everything
but cmdlets. Figure 2 shows a partial list of the type of commands
you’d now receive.


[Figure 2 screenshot: Get-Command output in three columns (CommandType, Name, ModuleName); the rows are aliases and functions]

Figure 1: Filtering Get-Command's Output So That Only the Cmdlets Are Returned

Figure 2: Filtering Get-Command's Output So That Everything Except the Cmdlets Are Returned

You’re not limited to a particular property in the expression; for example,
you can specify the Name property and the -like comparison operator:

Get-Command | Where-Object {$_.Name -like '*clear*'}

Notice that the value specified after the -like comparison operator 
includes the asterisk (*) wildcard at the beginning and end. The -like 
comparison operator lets you use wildcards within the specified value 
to help with the search. As a result, this statement will return all
commands that include the word clear anywhere in the name, as shown
in Figure 3. In this case, the returned commands all begin with the 
word clear, but the word could be included in any part of the name. 

Figure 3: Filtering Get-Command's Output So That All Commands That Include the Word "clear" Are Returned

The Where-Object script block also lets you use logical operators to 
link together multiple expressions. This way, you can evaluate multiple 
conditions within one script block. The logical operator determines 
how you treat the individual expressions in order to arrive at a final 
evaluation. If the script block as a whole evaluates to True, the object 
is included in the results. PowerShell supports several logical operators: 

• -and (The script block evaluates to True if the expressions on both 
sides of the logical operator evaluate to True.) 

• -or (The script block evaluates to True when one of the expressions
on either side of the logical operator evaluates to True.)

• -xor (The script block evaluates to True when one of the expressions
on either side of the logical operator evaluates to True and
the other expression evaluates to False.)

• -not or ! (Negates, or reverses, the script element that follows it.) 


[Figure 3 screenshot: Get-Command output in three columns (CommandType, Name, ModuleName); the Clear-Host function followed by cmdlets whose names begin with Clear]

Let’s look at a Where-Object script block that joins two expressions
to get a better sense of how this works. The following script block
uses the -and logical operator to join the expressions:

Get-Command | Where-Object {($_.Name -like '*clear*') -and ($_.CommandType -eq 'cmdlet')}

The first expression specifies that the Name property value must 
contain the word clear. The second expression specifies that the 
CommandType property value must be cmdlet. Because the -and 
logical operator is used, both these conditions must evaluate to True 
for the script block as a whole to evaluate to True. As you can see 
in Figure 4, only those commands that meet both conditions are 
included. 


[Figure 4 screenshot: Get-Command output in three columns (CommandType, Name, ModuleName); only cmdlets whose names begin with Clear]


Figure 4: Filtering Get-Command's Output So That Only Cmdlets That Include the Word "clear" Are Returned

Now let’s see what happens when you throw the -not logical operator
(which can also be represented with an exclamation mark—i.e., !)
into the mix:

Get-Command | Where-Object {($_.Name -like '*clear*') -and !($_.CommandType -eq 'cmdlet')}

Because you’re negating the second condition, you’re essentially saying
that the Name property must include the word clear, but the
CommandType property can’t be a cmdlet. As a result, the statement
now returns only a single function, as Figure 5 shows.


CommandType     Name           ModuleName
Function        Clear-Host

Figure 5: Filtering Get-Command's Output So That Any Commands That Include the Word "clear" Are Returned as Long as They Aren't Cmdlets

As handy as the Where-Object cmdlet is, one thing that’s important
to point out is that many cmdlets support parameters that filter
objects for you. For example, the Get-Command cmdlet supports the 
-CommandType parameter. By using these types of parameters, you’re 
passing less data down the pipeline initially, which can help with 
performance when returning large data sets. The following statement 
shows how to make use of this parameter: 

Get-Command -CommandType cmdlet | 

Where-Object {$_.Name -like '*clear*'} 

As you can see, when you call the Get-Command cmdlet, you include 
the -CommandType parameter and the name of the command type 
(in this case, cmdlet). You then pipe your smaller data set to the 
Where-Object command, where you filter out all objects except those 
whose Name property contains clear, as shown in Figure 6. 


Figure 6: Using Get-Command's -CommandType Parameter to Filter Objects

[Figure 6 screenshot: Get-Command output in three columns (CommandType, Name, ModuleName); only cmdlets whose names begin with Clear]


Some cmdlets actually support a -Filter parameter. For instance, the
Get-ChildItem cmdlet supports such a parameter to further qualify the
-Path parameter:

Get-ChildItem -Path C:\DataFiles -Filter *txt |
    Where-Object {$_.Length -ge 1000}

In this case, the -Filter parameter is used to specify that only .txt files be 
returned. Notice that you can use the asterisk wildcard to indicate that 
you want all files ending in txt. Figure 7 shows an example of what the 
results might look like. 

Now let’s look at another aspect of the Where-Object cmdlet. Starting
with PowerShell 3.0, you can use an alternative approach to specifying
the command’s logic. For example, you can pipe the Get-Service cmdlet’s
output to the Where-Object cmdlet and specify that the Status property
value must equal the value running:


[Figure 7 screenshot: directory listing of C:\DataFiles with columns Mode, LastWriteTime, Length, and Name, showing Output1.txt, Output2.txt, and Output3.txt]


Get-Service | 

Where-Object -Property Status -eq -Value 'running' 


Notice that you’re no longer including the script block. Instead, you’re 
simply specifying the property, followed by the comparison operator, 
and finally the value to use for comparison. Figure 8 shows a partial 
list of running services returned. 


[Figure 8 screenshot: Get-Service output in three columns (Status, Name, DisplayName); every row's Status is Running]


Figure 7: Using Get-ChildItem's -Filter Parameter

Figure 8: Filtering Get-Service's Output So That Only Running Services Are Returned

You can shorten this last statement even further. Instead of spelling
out Where-Object, you can simply use the where alias, which is supported
in all versions of PowerShell. In addition, you don’t need to
specify the -Property or -Value parameter names. If PowerShell expects
a parameter in a specific order and you supply the parameter in that
order, you can sometimes omit the parameter name. However, there
are no hard and fast rules about when you can or can’t omit the
parameter name, so you should see the PowerShell Help files for details
about a specific cmdlet. In the case of the Where-Object cmdlet, you
can pare the statement down to:

Get-Service | where Status -eq 'running' 

This statement returns the same results as the previous statement. 
The following statement also returns the same results: 

Get-Service | where {$_.Status -eq 'running'} 

As you can see, this statement is once again using the script block 
format but with the where alias. 

Let’s look at one more trick you can perform with the Where-Object 
cmdlet. The following Where-Object statement specifies only the property
in the script block, with no comparison operator or target value:

Get-Service | where {$_.DependentServices} 

When you include only the property in a script block, PowerShell 
returns an object only if the specified property contains a value. In this 
case, you’re returning those local services whose DependentServices 
property contains a value—in other words, those services with dependent
services. Figure 9 shows a sample of the services returned.

You can achieve the same results in PowerShell 3.0 by using the 
shortened version of the Where-Object cmdlet: 

Get-Service | where DependentServices 

You can verify that the statement is returning the desired information
by looking more closely at one of the services returned. For example,
the following statement retrieves data for the eventlog service, which
is one of the services listed in Figure 9:


Get-Service eventlog | Format-List 


[Figure 9 screenshot: Get-Service output in three columns (Status, Name, DisplayName), listing running and stopped services]

Figure 9: Returning Those Services with Dependent Services


In this case, you’re piping the Get-Service results to the Format-List
cmdlet so that you can view more details about the returned object.

As you can see in Figure 10, the eventlog service has two dependent
services: Wecsvs and Schedule.

I’ve spent a lot of time in this article discussing the Where-Object
cmdlet because it plays such an important role in filtering data.
However, it’s not the only method available for refining results, so
let’s move on to the next one.


Figure 10: Returning the Services Dependent on the eventlog Service


The Select-Object Cmdlet 

There might be times when you need to refine your results a bit
differently from what the Where-Object cmdlet provides. That’s where
the Select-Object cmdlet comes in. Using this cmdlet, you can filter
your results based on property names, number of objects, or other
criteria. For example, the following statement pipes the Get-Process
cmdlet’s output to the Select-Object cmdlet and specifies that only the
ProcessName and CPU properties be returned:

Get-Process | Select-Object -Property ProcessName, CPU |
Format-List

As you can see in this code, after you add the Select-Object cmdlet,
you specify the -Property parameter, followed by the property names
(separated by a comma). You then pipe the results to the Format-List
cmdlet to make them easier to read. Figure 11 shows a partial list of
the processes returned by this statement. Not surprisingly, the results
include only the ProcessName and CPU properties, as specified.

Figure 11: Filtering Get-Process's Output to Return the ProcessName and CPU Properties for All Processes

You can shorten this Select-Object command by using the select alias
in place of the Select-Object name and by dropping the -Property
parameter name:

Get-Process | select ProcessName, CPU | Format-List

This statement returns the same results as the preceding one, only 
this command is a bit simpler to type. Even so, it’s the results that are 
important, and in this case, even more so. Unlike the Where-Object 
cmdlet, which simply filters out objects, the Select-Object cmdlet 
actually generates a different type of object. To verify this, you can 
use the Get-Member cmdlet to retrieve details about the object being 
returned by the cmdlet. The following statement is piping the
Select-Object cmdlet’s output to the Get-Member cmdlet:

Get-Process | select ProcessName, CPU | gm 


In this case, the gm alias has been used for the Get-Member cmdlet.

Figure 12 shows the results. What might strike you immediately is the 
relatively small number of members, with the CPU and ProcessName 
properties being two of them. Also notice that the object returned by 
Select-Object is Selected.System.Diagnostics.Process. However, the 
object returned by Get-Process is actually System.Diagnostics.Process, 
and it includes a lot more members. The Select-Object cmdlet helps 
reduce your load as you pass data down the pipeline. But that means 
you can’t reference one of the discarded members down the road. 
You’re stuck with what you got here. 


Figure 12: Retrieving Details About the Object Being Returned by Select-Object


For instance, in the previous examples in this section, you used 
the Select-Object cmdlet to return only the ProcessName and CPU 
properties. Suppose you now pipe the Select-Object command to a 
Where-Object command that filters on the Handles property: 

Get-Process | select ProcessName, CPU | 
where Handles -gt 500 | Format-List 

This statement will return no results because that property is no
longer in the pipeline, even though it’s one of the output properties of
the Get-Process command. However, you can address this issue by
simply reversing the order of the Where-Object and Select-Object
commands:

Get-Process | where Handles -gt 500 | 
select ProcessName, CPU | Format-List 
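The following added example (not from the original article) makes the two silent-failure cases above visible: the property-only filter described earlier, and a filter placed after Select-Object has discarded the property it tests. The sample objects are constructed, and Assert-PipelineProperty is a hypothetical helper, not a built-in cmdlet.

```powershell
# Constructed sample objects standing in for Get-Process output (not real data).
$procs = @(
    [pscustomobject]@{ ProcessName = 'svchost';    CPU = 28.6; Handles = 1087 }
    [pscustomobject]@{ ProcessName = 'powershell'; CPU = 11.1; Handles = 432  }
    [pscustomobject]@{ ProcessName = 'csrss';      CPU = 0;    Handles = 650  }
)

# 1. Property-only filter: the value is converted to Boolean, so the process
#    whose CPU is exactly 0 is dropped even though the property is populated.
$truthy = @($procs | where { $_.CPU })
"where {`$_.CPU}     : $($truthy.ProcessName -join ', ')"

# 2. Filter after projecting: Handles was discarded by select, so the
#    comparison sees $null and every object fails it. No error is raised.
$late = @($procs | select ProcessName, CPU | where { $_.Handles -gt 500 })

# 3. Filter before projecting: Handles still exists when where runs.
$early = @($procs | where { $_.Handles -gt 500 } | select ProcessName, CPU)

"select then where : $($late.Count) object(s)"
"where then select : $($early.Count) object(s) -> $($early.ProcessName -join ', ')"

# Hypothetical guard: fail loudly when the objects reaching a filter no
# longer carry the property that the filter tests.
function Assert-PipelineProperty {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $InputObject,
        [Parameter(Mandatory)] [string] $Name
    )
    process {
        if ($null -eq $InputObject.PSObject.Properties[$Name]) {
            $type = $InputObject.PSObject.TypeNames[0]
            throw "Property '$Name' is missing from $type; filter before select."
        }
        $InputObject   # pass the object through unchanged
    }
}

try {
    $procs | select ProcessName, CPU |
        Assert-PipelineProperty -Name Handles |
        where { $_.Handles -gt 500 }
}
catch {
    "Guard caught      : $($_.Exception.Message)"
}

# Strict mode gives similar protection for script-block filters: reading a
# missing property becomes an error instead of $null. The child scope keeps
# the setting from leaking into the rest of the session.
& {
    Set-StrictMode -Version Latest
    try   { $procs | select ProcessName, CPU | where { $_.Handles -gt 500 } }
    catch { "Strict mode       : $($_.Exception.Message)" }
}
```

An empty result from a triage query reads the same as "nothing found", so a check like this is worth running once whenever a pipeline is reordered.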
If you’re going to pipe your Select-Object command output to a
Where-Object command (or a similar command), you can reference
only properties that still exist. For example, let’s use the Select-Object
cmdlet to return only the ProcessName and CPU properties, then use
the Where-Object cmdlet to return only those processes whose CPU
usage is greater than 10:

Get-Process | select ProcessName, CPU |
where CPU -gt 10 | Format-List

In this statement, you’re piping the Get-Process results to the
Select-Object command, then piping those results to the Where-Object
command, ending with the Format-List cmdlet to make it easier to read.
Your results should look similar to those in Figure 13.

Figure 13: Returning Only Those Processes Whose CPU Usage Is Greater Than 10

Now let’s look at another aspect of the Select-Object cmdlet worth
noting. This cmdlet makes working with sorted data easy because you
can select a specific number of objects from the data being passed
down the pipeline. For example, you can use the Sort-Object cmdlet to
sort data by the CPU property (in descending order), then use the
Select-Object cmdlet to return the first five processes:

Get-Process | sort CPU -Descending | select -First 5

After you sort the data, you can send it to the Select-Object command
and specify the number of rows to return. If you run this statement on
your system, you might see results similar to those shown in Figure 14.

Now let’s try something else with the Select-Object cmdlet. Let’s
create a variable ($file) to hold a file object, then pipe the variable to
a Select-Object command:

$file = Get-Item C:\DataFiles\ErrorOutput.txt
$file | select *


In the first statement, you’re using the Get-Item cmdlet to return
information about the ErrorOutput.txt file, then assigning that
information to the $file variable. In the second statement, you’re piping
the variable to the Select-Object cmdlet. The only argument you need to
specify is the asterisk wildcard, which indicates that all properties
should be returned. As you can see in Figure 15, by using this method to
retrieve data, you can return far more information about an object than
you would otherwise. If you had instead piped the variable to the
Format-List cmdlet, you would have received only about half this
information.

Figure 14: Returning the Top Five CPU-Consuming Processes

Figure 15: Retrieving a Lot of Information About the ErrorOutput.txt File

Let’s look at one more feature of the Select-Object cmdlet. As I
mentioned previously, when filtering out data, Select-Object returns
an object whose type is different from what had been passed to the
command in the pipeline. One of the advantages of this is that you
can add a custom property as you pass the object along the pipeline.
For example, suppose you want to add a new property named
LengthKB that converts bytes to kilobytes so that the file size is
consistent with what you typically see in Windows Explorer. To do so,
you add the LengthKB property to your object and set its value to
equal the Length property divided by 1024:

$file | select Name, @{Name='LengthKB';
Expression={$_.Length/1024}} | Format-List

To add the property to your object, you specify the @ symbol, followed 
by a script block. Within the script block, you assign a name to the 
property and define the expression, which is enclosed in its own set 
of curly brackets. As the following results show, the statement returns 
two properties—Name and LengthKB—with the file size in kilobytes: 

Name : ErrorOutput.txt 
LengthKB : 3074.3525390625 

As you’ve seen, the Select-Object cmdlet is a handy tool for filtering 
your results in a variety of ways. And it can do even more than what 
I’ve shown you here. 

The Select-String Cmdlet 

The Select-String cmdlet lets you move into new territory: You can use
it to search an input string or a file’s contents for a specific value. This
cmdlet searches for text or text patterns within the target data and
returns matching content. It operates on a line-by-line basis, filtering
out all lines that don’t contain the specified string and returning those
that do. In addition, the cmdlet lets you specify that nonmatching
lines are returned instead of matching lines. You can even test for the
existence of matches, without returning the actual data.

As with any PowerShell cmdlet, the best way to understand how
Select-String works is to see it in action. Suppose that you want to
search the text files in the DataFiles directory to determine whether
any of them contain the value error output. You can use the
Select-String cmdlet in a statement like this:

Select-String -Path C:\DataFiles\*.txt -Pattern 'error output'

First, you use the cmdlet’s -Path parameter to specify the location of the
files. Notice you can use wildcards in that parameter’s value. Then, you
use the -Pattern parameter to specify the string for which you’re
searching. In this case, the command returns only one line from one file:

DataFiles\ErrorOutput.txt:1:--Error Output

The information returned shows the folder and filename
(DataFiles\ErrorOutput.txt), followed by the line number (1), and the
actual line of text (--Error Output). Colons separate each entry. If
additional lines in this file had contained the target string, those lines
would’ve been returned as well. In addition, any matching lines in any
other text files within the target folder would’ve been returned.

Like other cmdlets, the Select-String cmdlet lets you shorten your
command. You can use the sls alias for the cmdlet name. You can also
drop the -Pattern parameter name. The following statement returns the
same results as the preceding one but does so with fewer keystrokes:

sls -Path C:\DataFiles\*.txt 'error output'

As I mentioned previously, Select-String returns the folder and
filename, line number, and line of text by default. However, there might
be times when you don’t want to return all that information. As with
any other command, you can pipe your results to the Select-Object
cmdlet to perform additional filtering:

sls -Path C:\DataFiles\*.txt 'error output' |
select LineNumber | Format-List

This time around, the results are piped to a Select-Object command 
that filters out all the properties except LineNumber. The output is 
then piped to the Format-List cmdlet, which returns the following 
results: 

LineNumber : 1 

If multiple files had contained the specified value, you would have 
wanted more information, but you get the idea. 

The Select-String cmdlet lets you conduct case-sensitive searches.
You need only append your command with the -CaseSensitive
parameter, as follows:

sls -Path C:\DataFiles\*.txt 'error output' -CaseSensitive

Not surprisingly, the command no longer returns any results because
the value for which you’re searching is capitalized within the file.
However, you can modify the value in the command:

sls -Path C:\DataFiles\*.txt 'Error Output' -CaseSensitive

The command now returns the results you’d expect:

DataFiles\ErrorOutput.txt:1:--Error Output

Another important parameter that the Select-String cmdlet supports
is -Quiet, which tells the cmdlet to return only the value True if
at least one line contains the specified value:

sls -Path C:\DataFiles\*.txt 'Error Output' -CaseSensitive -Quiet

As you can see, you just need to add the -Quiet parameter. Now the 
command will return only the value of True, as long as there’s at 
least one match. Note that it’ll return only one instance of True, even 
if multiple lines contain the matching value. Admittedly, receiving 
a value of True doesn’t tell you much, but at least you know you’re 
looking in the correct place. 

The -Quiet parameter can be handy if your command will return 
many lines. Although that’s not the case in these examples, it would 
be if you modified the command as follows: 

sls -Path C:\DataFiles\*.txt 'Error Output' -Quiet -NotMatch

Notice that the -CaseSensitive parameter has been replaced with
-NotMatch, which reverses the logic passed into the command. As a 
result, all the lines that don’t contain the value Error Output will be 
returned, which in this case would be many lines. In other words, 
almost every line in every file would be returned, except the one line 
in the one file that you know contains the specified value. 

The Select-String cmdlet has another parameter, -Context, with 
which you should be familiar. This parameter lets you specify the 
number of lines to be returned before and after the line that contains 
the matching value. This can provide the context needed to better 
understand the returned data in those situations when a single line 
isn’t enough to tell you what’s really going on. 
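The following added example (not from the original article) runs the -CaseSensitive, -Quiet, -NotMatch and -Context parameters discussed above against a constructed log file, and reads the results from the objects that Select-String returns rather than from the displayed text. The temporary folder and sample lines are constructed, and -SimpleMatch is a Select-String parameter the article does not cover.

```powershell
# Constructed sample log in a temp folder (file name mirrors the article's).
$dir = Join-Path ([IO.Path]::GetTempPath()) ("sls-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$log = Join-Path $dir 'ErrorOutput.txt'
@(
    '--Error Output'
    'Test error message A'
    'Test error message B'
    'Test error message C'
    'Test error message D'
    'Test error message E'
    'Retry cost $5.00 (estimated)'
) | Set-Content -Path $log
$files = Join-Path $dir '*.txt'

try {
    # -Quiet as a gate. Use it as a condition; do not compare it with
    # $false, because a search with no match may return nothing at all.
    if (Select-String -Path $files -Pattern 'Error Output' -CaseSensitive -Quiet) {
        'At least one file contains "Error Output" (exact case).'
    }
    if (-not (Select-String -Path $files -Pattern 'error output' -CaseSensitive -Quiet)) {
        'No file contains "error output" in lower case.'
    }

    # -NotMatch inverts the selection; count the lines rather than print them.
    $others = @(Select-String -Path $files -Pattern 'Error Output' -NotMatch)
    "Lines without the header: $($others.Count)"

    # -Context 2 attaches two lines either side of each hit. Read them from
    # the MatchInfo object instead of parsing the "file:line:text" display.
    Select-String -Path $files -Pattern 'message C' -Context 2 |
        ForEach-Object {
            [pscustomobject]@{
                File   = $_.Filename
                Line   = $_.LineNumber
                Before = $_.Context.PreContext  -join ' | '
                Match  = $_.Line
                After  = $_.Context.PostContext -join ' | '
            }
        } | Format-List

    # -Pattern is a regular expression. '$' and '(' are metacharacters, so
    # a literal search for this text needs -SimpleMatch.
    $asRegex   = @(Select-String -Path $files -Pattern '$5.00 (estimated)')
    $asLiteral = @(Select-String -Path $files -Pattern '$5.00 (estimated)' -SimpleMatch)
    "Regex hits: $($asRegex.Count); literal hits: $($asLiteral.Count)"
}
finally {
    Remove-Item -Path $dir -Recurse -Force
}
```

With the sample lines above, the regex search finds nothing and the literal search finds one line, which is the difference that matters when the search string comes from a log excerpt or an indicator list.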

For example, you can use the -Context parameter to specify that you
want the results to include the two lines before and after the target line:

sls -Path C:\DataFiles\*.txt 'message C' -Context 2

In this case, you’re searching the target files for the text message C.
Notice that the -Context parameter has been appended to the
command, along with the value 2.

As it turns out, only one line in one file contains the text message C,
as Figure 16 shows. This line is highlighted with the greater than symbol
at the beginning of the row. As instructed, the two rows before and two
rows after this line are also included.

Figure 16: Returning the Two Lines Before and After the Target Line

The ForEach-Object Cmdlet

In a discussion about filtering, I’d be remiss if I didn’t mention
the ForEach-Object cmdlet. This cmdlet iterates through the objects
passed down the pipeline and performs a specified operation on
each one. In some cases, this operation results in an object being
filtered out of the pipeline.

But first, let’s start with some basics to better understand how
the ForEach-Object cmdlet works. Suppose you want to use the
Get-Service cmdlet to retrieve those services whose name begins with
sql. You can pipe these results to a ForEach-Object command in
order to return only one property:

Get-Service sql* | ForEach-Object -Process {$_.DisplayName}

All you’ve done here is pipe the objects to the ForEach-Object
command, which includes the -Process parameter and a script block passed
in as the parameter value. The script block itself uses the $_ symbol
to reference the current object and the DisplayName property in order
to return the value associated with that property. Figure 17 shows the
services you might see on a system if you were to run this command.

The ForEach-Object cmdlet supports an alias (foreach) and lets
you drop the -Process parameter name. The following statement
returns the same results as the preceding one:

Get-Service sql* | foreach {$_.DisplayName}

If you want to return a second property, you can simply add it to your 
script block, separated by a semi-colon: 

Get-Service sql* | foreach {$_.DisplayName; $_.Status} 

As you can see in Figure 18, the 
statement now returns the Status 
property values as well as the 
DisplayName values. 

To make the results more 
readable, you can add an empty 
string to the script block: 

Get-Service sql* | foreach {$_.DisplayName; $_.Status; ""} 


The empty string adds an empty 
line after each status in the results. 

As Figure 19 shows, these empty 
lines make it easier to see which 
services are stopped and which 
services are running. 

Figure 17: Retrieving Those Services Whose Name Begins with sql

Figure 18: Retrieving the Status of the Services Whose Name Begins with sql

Figure 19: Inserting Empty Lines to Make It Easier to See the Status of Each Service

But what you’ve seen so far is nothing new. You can easily
achieve similar results by using the Select-Object cmdlet. However,
the difference lies in the script block itself, which lets you write very
elaborate expressions for how each object is processed. Let’s look at
another example to give you a better sense of what you can do with
a ForEach-Object script block. In the following command, the script
block includes an if statement that returns the display name of each
service that’s running:

Get-Service sql* |
foreach {if ($_.Status -eq 'running') {$_.DisplayName}}

Within the script block, you specify the if keyword and the condition that
must evaluate to True. In this case, the Status property value must equal
running. If that condition evaluates to True, the remaining part of the if
construction runs, which is to merely call the DisplayName property. As
the following results show, only two services meet all the criteria:

SQL Server Browser 
SQL Server VSS Writer 

Although this is another fairly simple example, it demonstrates some
of what you can do with the ForEach-Object cmdlet. However, just
to make sure you appreciate the cmdlet’s value, let’s look at another
example. Suppose you want to create new files that contain the
content of some old files. To do so, you can use the statements:

$content = Get-Content C:\DataFiles\TestFolder\*.txt
$content |
foreach {Out-File ($_.PSPath + '.csv') -Append -InputObject $_.ToString()}

The first statement retrieves the content from a set of text files in the
C:\DataFiles\TestFolder folder and assigns it to the $content variable.
The second statement pipes that variable to a ForEach-Object
command that includes a script block. This script block will create the
new files that will contain the contents of the old files.

You begin the script block by using the Out-File cmdlet to create
the file. As part of the process, you use each object’s PSPath
property to retrieve the current path and filename in order to add
the .csv extension to that name. For example, one of the files in the
folder is the test1.txt file. A new file will be created to correspond with
that file and will be named test1.txt.csv.

So far, all you’ve done is create the new files with the new
filenames. You must now copy the content from each old file to its related
new one. For that, you add the -Append parameter, followed by the
-InputObject parameter, which lets you grab the data from the old file
(the current object), convert it to a string, and add it to the new file.
In this case, you’ll end up with five new text files that contain the
content of the five original text files.

No doubt, if you were going to do something like this, you might 
come up with a more elaborate file scheme and perhaps even move the 
files to a different folder. You could even include additional logic. For 
instance, you could add an if statement that tests whether an existing 
file contains data before copying it to a new file, as shown here: 

$content |
foreach {if ($_.Length -gt 0) {
    Out-File ($_.PSPath + '.csv') -Append -InputObject $_.ToString()}}

As you can see, the script block has been modified to include an if 
statement that specifies that the Length property must have a value 
greater than 0 for a file to be copied. As this example demonstrates, 
the ForEach-Object cmdlet can be valuable not only for filtering data, 
but also for performing numerous other tasks at the same time. 
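The following added example (not from the original article) is a file-level variant of the copy task above. The article's statements read lines with Get-Content, so $_.Length there is the length of each line; this version pipes file objects, so Length is the file size in bytes. The temporary folder, file names and contents are constructed.

```powershell
# Constructed test folder: two files with content and one empty file.
$src = Join-Path ([IO.Path]::GetTempPath()) ("foreach-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $src | Out-Null
Set-Content -Path (Join-Path $src 'test1.txt') -Value 'alpha', 'beta'
Set-Content -Path (Join-Path $src 'test2.txt') -Value 'gamma'
New-Item -ItemType File -Path (Join-Path $src 'empty.txt') | Out-Null

try {
    Get-ChildItem -Path $src -Filter *.txt |
        Where-Object { $_.Length -gt 0 } |    # FileInfo.Length = size in bytes
        ForEach-Object -Begin { $copied = 0 } -Process {
            $target = $_.FullName + '.csv'

            # Refuse to write over an existing file, so a second run cannot
            # silently replace or double the content.
            if (Test-Path -LiteralPath $target) {
                Write-Warning "Skipping $($_.Name): $target already exists"
                return                        # move on to the next file
            }

            Get-Content -LiteralPath $_.FullName | Out-File -FilePath $target
            $copied++
            $target                           # emit the new path down the pipeline
        } -End { "Copied $copied file(s)" }
}
finally {
    Remove-Item -Path $src -Recurse -Force
}
```

The -Begin and -End script blocks run once each, before the first object and after the last one, which is what lets the command report a total after the per-file work is done.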

The Out-GridView Cmdlet 

The last PowerShell cmdlet related to filtering that I want to
demonstrate is the Out-GridView cmdlet. This cmdlet sends your output to a
new window that displays your data in a grid. You can then filter the
returned data however you want, without having to generate
additional PowerShell commands.

To open the grid window, you simply pipe your results to the
Out-GridView cmdlet, like this:

Get-Command -CommandType cmdlet | Out-GridView

The statement will launch the grid window and display your results,
as shown in Figure 20. Notice that the window shows the initial list
of available cmdlets. To see the rest of them, simply scroll down.
Every cmdlet available in your version of PowerShell should be
listed in the window.

Figure 20: Using the Out-GridView Cmdlet to Launch the Display Grid

Notice that the grid window has a Filter text box at the top. You can 
filter the results by simply entering a value. For example, in Figure 21, 
the value get-c is entered. Every cmdlet name that contains that value, 
exactly as specified, is displayed in the grid. If a cmdlet’s CommandType 
or ModuleName property contains the specified value, that cmdlet 
would also be displayed in the grid. The value can appear in any part 
of the name, as long as it appears exactly as specified. 



Figure 21: Filtering Your Results as You Type


WWW.WINDOWSITPRO.COM 


Windows IT Pro / January 2014 57

Cover Story

However, the grid window lets you be even more precise with
your searches. If you click the Add criteria button, you can add
specific properties, which you can then search. For example, in
Figure 22, you’ll see that the Name property has been added as a
search criterion and the value alias has been specified. Now the
cmdlets listed are only those in which the word alias appears
somewhere in the name.


Figure 22: Searching for Cmdlets That Contain a Specific Word



Certainly, the Out-GridView cmdlet can be a handy tool when you
need to search through a lot of data quickly and easily or when you
need to filter data in different ways. As long as you keep the grid
window open, all the original data is available for searching and filtering.
However, beyond that, there’s not much else you can do with the data
in the grid window. Still, in certain situations, it’s an effective way to
filter your results quickly and easily.

PowerShell and Its Filters

There are many ways you can filter objects and their data in PowerShell.
For example, you can use the Where-Object, Select-Object,
Select-String, ForEach-Object, and Out-GridView cmdlets either separately
or in conjunction with each other.

Now that you’ve had an overview of the various ways you can
filter data, you should be good to go. But keep in mind that what I’ve
shown you represents only some of what you can do with each of
these cmdlets, so be sure to check the PowerShell documentation for
further information about each one. You’ll find plenty there to keep
you in filtering heaven.

Windows Server 2012 Data Deduplication

Save disk space and lower your IT 
costs by eliminating duplicate data 
blocks on storage volumes 

Technologies people use on a regular basis follow a fairly predictable
lifecycle—one that Gartner nicely captured in its Hype Cycle
concept. First, a technology reaches a level of maturity that raises
its visibility, which Gartner calls the “technology trigger.” As more people
take advantage of the technology, its value is over-promised; this is the
“peak of inflated expectations.” Of course, as people realize the
technology won’t end world hunger or roll back global warming, it falls into the
“trough of disillusionment.” Finally, as the technology dilettantes move
their attention to the next shiny thing, the technology is incorporated
into products (the “slope of enlightenment”) and IT infrastructures and
becomes a part of everyday life (the “plateau of productivity”).

Virtualization has followed this lifecycle. Internet usage has
followed it as well. And data deduplication—a storage technology that
reduces disk space requirements—has followed an abbreviated
version of the hype cycle. Third-party vendors first introduced data
deduplication as an add-on feature, but Microsoft added the capability to
Windows Server 2012, effectively making data deduplication a
commodity technology that’s available to everyone.

Data deduplication has become particularly important with the
explosion of storage. A 2011 IDC report predicts that the world will
consume 90 million terabytes (that’s 90 yottabytes, in case you were
wondering) of data in 2014 and 125 million terabytes in 2015. That’s
a lot of Facebook posts, folks. Storing this data efficiently is critical,
and data deduplication technology is a key piece of efficient storage.

Defining Data Deduplication 

Data deduplication is a simple concept. Many of the data blocks on
a volume are duplicate data. If you have multiple virtual hard disks,
they might be quite similar to one another because they contain the
same or similar OSs and similar applications. A software installation
share has files with internal similarities because the compiled code
shares many common libraries and so on. You could save a lot of
disk space by eliminating the duplication. Microsoft’s
implementation analyzes data on the volume at a block level to find duplicates.
It replaces duplicate blocks on a volume with a reparse point and
metadata that points to the location of the original file data.

Everything that’s required to access your data is located on the
drive. This means you can move a drive from one server to another
and ensure the drive data will be read correctly. There’s an important
caveat here: The server holding the deduplicated disk must be Server
2012 or newer (i.e., Windows Server 2012 R2) and have the Data
Deduplication feature installed, or else it can’t interpret the
deduplicated data. You can access a deduplicated disk from Server 2012
without data deduplication installed, but only original data will be
available—not the deduplicated data. I certainly wouldn’t call this a
best practice!

By default, files aren’t considered for deduplication until they 
remain unchanged for five days; this way, the active files still have 
excellent performance. If a deduplicated file is accessed, it becomes 
“hot” and isn’t touched for another five days. You can easily change 
this setting (which I discuss in a later section of this article); you also 
can configure the process to exclude certain folders or file types. The 
process is designed to run at low priority and memory demand, and 
therefore not interfere with the primary purpose of your server: serv¬ 
ing data to users. Data deduplication stays out of the way and runs at 
a low priority when system utilization is low. Thus, after you enable 
deduplication, it might be a few days before you see substantial sav¬ 
ings. Microsoft guidance states that the deduplication feature can 
process roughly 2TB of data per volume in a 24-hour period (100GB 
per hour) while running a throughput optimization job on a single 
volume. 

Figure 1: DDPEval Shows the Savings that Data Deduplication Might Net on a Volume


You can determine the potential savings that data deduplication
might net you on a volume by installing the feature, opening a
command prompt, and running


ddpeval.exe <path> /o:<output file path>


in the \system32 folder. Figure 1 shows DDPEval output on a
relatively small folder.


:\Files>ddpeval d:\files\software\hardware
Data Deduplication Savings Evaluation Tool
Copyright (c) 2012 Microsoft Corporation. All Rights Reserved.

Evaluated folder: d:\files\software\hardware
Evaluated folder size: 3.04 GB
Files in evaluated folder: 12902

Processed files: 2568
Processed files size: 2.96 GB
Optimized files size: 2.57 GB
Space savings: 394.20 MB
Space savings percent: 13

Optimized files size (no compression): 2.69 GB
Space savings (no compression): 269.87 MB
Space savings percent (no compression): 8

Files excluded by policy: 10334
   Small files (<32KB): 10334
Files excluded by error: 0


The path can be a volume, directory, or mapped network share. 
The /v switch ostensibly provides verbose output, but in my tests 
the utility didn’t return any more information. You can use the /o 
switch to write output to a file. And be prepared to be patient; a 
block-by-block analysis of a large volume at a low priority takes 
some time. 

File operations might or might not be affected on a deduplicated 
volume. For example, copying files to a non-deduplicated volume 
might take longer, but because deduplication has its own cache, 
simultaneous copying of large files might be considerably faster. 
In other words, your mileage may vary, so you must determine 
data deduplication’s effect on your own environment. I suggest you 
restore the contents of a typical production file server into a lab
environment and use the free File Server Capacity Tool (FSCT) to 
gather baseline I/O throughput and user capacity data. Then, enable 
data deduplication, let it complete its optimization, and measure 
the storage savings (which you can see an example of in Figure 8). 
Finally, rerun FSCT to compare the storage-optimized version with 
the original. 

Installing Data Deduplication 

To configure data deduplication, follow these steps:

1. From Server Manager, select Add Roles and Features, as Figure 2
shows.

2. Expand File and Storage Services and select File and iSCSI Services.
Then, select Data Deduplication, as Figure 3 shows.

3. Complete the wizard, accepting the defaults.

Figure 2: From Server Manager, Select "Add Roles and Features" to Install Data Deduplication

Figure 3: Selecting "Data Deduplication" in the Add Roles and Features Wizard

You also can install data deduplication with Windows PowerShell
as follows:

PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature -name FS-Data-Deduplication
PS C:\> Import-Module Deduplication

Enabling Data Deduplication 

Use Server Manager to enable data deduplication for a specific
volume. Select File and Storage Services in the navigation pane and then
select Volumes. Figure 4 shows a 2TB data volume (highlighted) that
is 88 percent full.

Figure 4: Using Server Manager to Enable Data Deduplication for a Given Volume


Hanshi is a Hyper-V server, so it contains 344GB of virtual machines
(VMs) in a \VMs folder. In addition, more than 1TB of files (software,
MP3, video, backups) comprise 305KB files in 41,400 folders.

Right-click the volume and choose Configure Data Deduplication,
as Figure 5 shows. This launches the Deduplication Settings wizard,
which you can see in Figure 6.

On this dialog box, configure how you want data deduplication
to operate on the volume. In this example, I accept the default file
age of five days. I’m not excluding any file types, but I do exclude
the \VMs folder (which contains VMs, not the old Digital Equipment
Corporation OS!), because I don’t want to attempt deduplication of
live VMs. Well, the live VMs won’t be deduplicated, but if any in that
folder shut down for a week, the VM will be deduplicated, and
subsequent VM startup will be slower.

Next, click Set Deduplication Schedule on the Deduplication Settings
screen to see what it’s all about. Figure 7 shows the Deduplication
Schedule.

Figure 5: Choosing "Configure Data Deduplication" in Server Manager

Figure 6: The Deduplication Settings Wizard

Figure 7: The Deduplication Schedule

By default, Enable background optimization is selected. It allows the
deduplication process to run in the background when the system is at
low-resource usage. You can also schedule optimization to run on a
regular basis by selecting Enable throughput optimization, and up to
twice a day by selecting the second check box, Create a second schedule
for throughput optimization. In this example, accept the defaults and just
cancel out of the dialog box. Selecting Finish enables data deduplication
on the volume. You can also enable deduplication using PowerShell:

PS C:\> Enable-DedupVolume E:
PS C:\> Set-DedupVolume E: -MinimumFileAgeDays 20

After about 36 hours, data deduplication has optimized the volume, 
as you can see in Figure 8. 

The deduplication process reclaimed 23 percent of the volume,
resulting in a savings of 363GB. This certainly isn’t as large a savings
as Microsoft touted; however, 363GB of reclaimed disk space is nothing
to sneeze at—especially for a “set it and forget it” process.

Figure 8: Server Manager Shows the Optimized Volume

Exploring Data Deduplication Cans and Can'ts 

Not every type of volume is a good candidate for data deduplication, 
and some can’t be de-duped at all. I provide a list of the cans and 
can’ts of deduplication. 

Cans. 

• Data deduplication can be performed only on NTFS-formatted 
volumes and will work with either Master Boot Record (MBR) or 
GUID Partition Table (GPT) partitioning. 

• Data deduplication can reside on shared storage, such as storage 
that uses a Fibre Channel or a Serial Attached SCSI (SAS) array, 
or when an iSCSI SAN and Windows Server Failover Clustering is 
fully supported. 
Can’ts.

• A volume can’t be a system or boot volume, because deduplication
isn’t supported on OS volumes.

• If you convert a regular volume that has been enabled for
deduplication to a Cluster Shared Volume, no further deduplication
will take place.

• Microsoft guidance says, “Do not rely on the Microsoft Resilient 
File System (ReFS).” No reason is given, but a data accessibility 
recommendation isn’t something I’d ignore. 

• Data deduplication can’t be performed on removable drives. 

• Data deduplication doesn’t support remotely mapped drives. 
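
The Server Manager walkthrough above can also be scripted with the Deduplication module, guarded by the volume restrictions from the Cans and Can'ts list. This is an added example, not the article's own code; the drive letter E and the folder E:\VMs are assumptions standing in for the article's data volume and its \VMs folder.

```powershell
# Added example: scripted version of the article's Server Manager steps.
# Assumed values (not from the article): drive letter E and folder E:\VMs.
Import-Module Deduplication

$driveLetter   = 'E'
$volume        = "${driveLetter}:"
$excludeFolder = "${driveLetter}:\VMs"   # keep VM files out of optimization
$minAgeDays    = 5                        # the default file age the article accepts

# Check the restrictions from the Can'ts list before enabling anything.
$vol  = Get-Volume -DriveLetter $driveLetter
$part = Get-Partition -DriveLetter $driveLetter

if ($vol.FileSystem -ne 'NTFS') {
    throw "$volume is $($vol.FileSystem); data deduplication requires NTFS."
}
if ($vol.DriveType -ne 'Fixed') {
    throw "$volume is a $($vol.DriveType) drive; removable and remotely mapped drives are not supported."
}
if ($part.IsBoot -or $part.IsSystem) {
    throw "$volume is a system or boot volume; deduplication is not supported on OS volumes."
}

# Enable deduplication and apply the same policy chosen in the wizard.
Enable-DedupVolume -Volume $volume | Out-Null
Set-DedupVolume -Volume $volume -MinimumFileAgeDays $minAgeDays -ExcludeFolder $excludeFolder

# Optional: queue an optimization job now instead of waiting for
# background optimization to pick the volume up.
Start-DedupJob -Volume $volume -Type Optimization | Out-Null

# Review policy and savings. SavedSpace stays at 0 until a job has
# processed files that are older than MinimumFileAgeDays.
Get-DedupVolume -Volume $volume |
    Format-List Volume, Enabled, MinimumFileAgeDays, ExcludeFolder, SavedSpace, SavingsRate
Get-DedupStatus -Volume $volume |
    Format-List Volume, FreeSpace, SavedSpace, OptimizedFilesCount, InPolicyFilesCount, LastOptimizationTime
```
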

Reaping the Savings By Upgrading 

Data deduplication in Server 2012 is yet another of the OS’s features 
that contributes to its must-have status. The savings that data
deduplication will give you in storage costs will probably—by itself—justify
the cost of upgrading Windows-based file servers. Your savings will 
vary from what Microsoft predicts, but whatever you gain is a benefit. 
Data deduplication has become an essential storage technology that 
should be included in every Server 2012 deployment and beyond. ■ 

Shared Storage Live Migration

How to set up Shared Storage Live Migration in Windows Server 2012

Microsoft first added live migration to Hyper-V in Windows
Server 2008 R2, and significantly enhanced it in Windows 
Server 2012. The management feature helps reduce planned 
downtime and provides a foundation for the dynamic data center by 
allowing you to move virtual machines (VMs) between Hyper-V hosts 
with no downtime at all. 

You can use live migration to move VMs from a Hyper-V host that
needs maintenance to another Hyper-V host. Then when the
maintenance is complete, you can move the VMs back to the original host—
all with no interruption of end-user services. Live migration also
enables you to build a dynamic data center that can respond to high
resource-utilization periods by automatically moving VMs to hosts
with greater capacities, thereby enabling a VM to meet service level
agreements (SLAs) and provide end users with high levels of
performance, even during periods of heavy resource utilization.

The original implementation of live migration was limited to
performing a single live migration at a time between two Hyper-V
hosts. All subsequent live migrations were queued up. In addition,
live migration required a Windows Failover Cluster and a shared
storage solution. With Windows Server 2012 Hyper-V, Microsoft
enhanced live migration in a number of ways. First, Microsoft
added the capability to perform live migrations without a cluster
or shared storage. In addition, Server 2012 Hyper-V can perform
multiple live migrations simultaneously. In this article, I show how
to configure Server 2012 Hyper-V to perform Shared Storage Live
Migrations. Other articles in this series show you how to set up
Server 2012 Hyper-V to perform Server Message Block (SMB) and
Shared-Nothing Live Migrations.

Shared Storage Live Migration is the fastest and most seamless 
of the three live migration methods. However, shared storage also 
requires more infrastructure and configuration than the other live 
migration options. In this article, I guide you through the process of 
setting up Shared Storage Live Migration. First, I explain how live 
migration works. Then I cover some of the hardware and software 
prerequisites that must be in place. Finally, I walk you through the 
important points of the Hyper-V and Failover Clustering configuration 
that must be performed to enable live migration. 

Overview of Shared Storage Live Migration 

Live migration takes place between Hyper-V hosts. Essentially, a 
VM’s configuration and memory is initially copied from a source 
Hyper-V host to the target Hyper-V host. After the memory is copied,
a memory synchronization process occurs where the target
VM is updated with the user’s changes to the source VM. After the 
memory is synchronized, the user is cut over to the VM running on 
the target Hyper-V host. The VM on the new host can immediately 
access its virtual hard disk (VHD) files stored on Cluster Shared 
Volumes (CSVs). Figure 1 shows an overview of the live migration 
architecture. 

When you initiate a live migration, the following steps occur:

1. A VM configuration file is created on the target server.

2. The source VM’s initial memory state is copied to the target.

3. Changed memory pages on the source VM are tagged and copied
to the target.

4. This process continues until the number of changed pages is
small.

5. The VM is paused on the source node.

6. The final memory state is copied from the source VM to the
target.

7. The VM is resumed on the target.

8. An Address Resolution Protocol (ARP) update is issued to
update the network routing tables.

Figure 1: Shared Storage Live Migration Overview


Requirements for Shared Storage Live Migration

From a hardware standpoint, you must have a minimum of two
physical servers, each running Server 2012 with the Hyper-V
virtualization role installed. This means you must be using the Server
2012 Standard or Datacenter edition. You can’t use the Server 2012
Essentials or Foundation editions because they don’t support the
Hyper-V virtualization role. All servers also must support x64
virtualization. It’s also recommended that the processors provide
support for Second-Level Address Translation (SLAT). All modern
servers from tier-one OEMs such as HP, Dell, IBM, and Cisco
support these standards.

One point to be aware of, however, is that all the physical servers 
must use processors from the same manufacturer. In other words, 
they must all be Intel or they must all be AMD. Although this
requirement might change at some point in the future, at this time you can’t
perform a live migration of a VM from a Hyper-V host system with 
an AMD processor to a Hyper-V host system with an Intel processor. 
Although you can’t mix processor manufacturers, it’s important to 
note that you don’t need to have matching processors or memory 
configurations in the systems acting as live migration hosts. The 
host systems can have different processors with different numbers 
of cores and different amounts of memory from those within the 
source systems. However, you should be sure that the host servers 
have the processing capacity to run the workloads of the VMs that 
are live migrated. 

In addition, you need a shared storage subsystem. This can be 
either an iSCSI or Fibre Channel SAN. If you’re using an iSCSI SAN, it 
must support the iSCSI 3 persistent reservations feature. This shared 
storage solution must be accessible to all the different systems
performing live migration.

It’s also recommended that each server have a minimum of three 
physical network adapters. One network adapter is used by the VMs 
for external-network connectivity, another network adapter is used 
for VM management, and the third network adapter is used for the 
live migration process. In most production environments, you would 
need more network adapters to handle the combined bandwidth 
requirements of the workloads running in the VMs. 

In addition to the Hyper-V role installed on the Server 2012
systems, Shared Storage Live Migration requires a Windows Server
Failover Cluster; therefore, you must install the Failover Clustering
feature and have a minimum of two nodes in your Server 2012
cluster. Server 2012 Failover Clusters support a maximum of 64
nodes. For step-by-step instructions on setting up a Server 2012
Failover Cluster, refer to “Windows Server 2012: Building a
Two-Node Failover Cluster.” You also can watch a short video in which
I step you through the process of building a two-node Server 2012
Failover Cluster in the video “Windows Server 2012: Creating a
Two-Node Cluster.”

Creating Cluster Shared Volumes (CSVs) 

After the cluster is created, create one or more CSVs on the
cluster. Technically, CSVs aren’t required for Shared Storage Live
Migration, but using them makes the whole process easier and lets the live
migrations happen much more quickly. The CSV feature lets multiple 
cluster nodes simultaneously access the shared storage locations. 
Unlike in Windows Server 2008 and Windows Server 2008 R2, Server 
2012 CSVs are enabled by default. However, you still need to select 
the cluster storage that will be used for CSVs. 

To select a CSV’s clustered storage location, open the Failover 
Cluster Manager, select the cluster, and expand the Storage node. 
This displays the Disks and Pools nodes. Select the Disks node to 
display the available cluster disks. For this example, I already added 
the disks for the CSV to the cluster. If you need to add disks to your 
cluster, select the Add Disk option on the Actions pane. To add 
disks to the cluster, they must be visible to the nodes in the cluster 
from Windows Disk Management. The storage for a CSV has to be 
visible to the cluster, and it can’t be used for other purposes such 
as clustered applications or the cluster quorum. You can get more 
information on how to add disk storage to a cluster at “Windows 
Server 2012: Building a Two-Node Failover Cluster.” To use an
existing cluster disk for your CSV, right-click on the disk in the Failover
Cluster Manager and select the Add to Cluster Shared Volumes option
from the context menu (Figure 2).

Figure 2: Adding Cluster Shared Volumes

Select the Add to Cluster Shared Volumes option to convert
the disk to a CSV. The conversion process takes only a couple of
seconds. You can convert multiple disks. In the example, I
converted Cluster Disk 1 and Cluster Disk 3 to CSVs. Previously, these
disks connected to the LUNs on my iSCSI back end and were used
for VM storage.

Creating CSVs also results in the creation of a mount point on all
cluster nodes. By default, the newly created mount point is labeled
C:\ClusterStorage\Volume1. Figure 3 shows an example of mount
points for two CSVs.

Figure 3: Cluster Shared Volumes Mount Point

The C:\ClusterStorage\Volume1 mount point was created when I
converted Cluster Disk 1 to a CSV. The C:\ClusterStorage\Volume2
mount point was created when I converted Cluster Disk 3 to a CSV.
Once the CSVs are created, the next step is to store VMs on them.

Creating VMs on Cluster Shared Volumes 

At this point, failover clustering is configured on all nodes in the 
cluster and the Cluster Shared Volumes feature has been added to 
the cluster storage, allowing all nodes to simultaneously access the 
CSV storage. The next step is to create VMs or move existing ones 
to CSV storage. If you have an existing VM, you can move it and 
its artifacts to the CSV using Hyper-V Manager’s move options. If 
you’re creating a new Hyper-V VM, you can use Hyper-V Manager, 
PowerShell, or System Center Virtual Machine Manager. To create 
a new VM using Hyper-V Manager, open Server Manager, and click 
the Administrative Tools, Hyper-V Manager option. Next, select New, 
then Virtual Machine from the Hyper-V Manager Action pane to start 
the New Virtual Machine wizard. Figure 4 shows the wizard dialog 
box, labeled Specify Name and Location. 

The new VM is named ORPORTVM1 (Figure 4). Also note that
the value for the VM location is set to the Cluster Shared Volumes
mount point: C:\ClusterStorage\Volume1\. This creates the VM
configuration files on the shared storage. Click Next to assign RAM
to the VM. Click Next again to select the network connection for
the VM. Assigning a network to the VM is optional. However, if you
do select an external network, be sure that the external network
connection is named the same on all your Hyper-V nodes. In my
case, I used the external network name External Virtual Network
on all my Hyper-V cluster nodes. Click Next to display the Connect
Virtual Hard Disk dialog box (Figure 5).

[Figure 4: New Virtual Machine Wizard, Specify Name and Location dialog box]

Again, it’s important to create the VHD files on the Cluster Shared
Volumes storage. Initially, the dialog box displays the Hyper-V
Manager default values for name and location. I used the value
ORPORTVM1.vhd for the VHD file and changed the location to
C:\ClusterStorage\Volume1. Click Next to specify the guest OS
installation options. All guest OSs, including Linux, can take advantage of
live migration. The rest of the process for creating a VM is exactly like
creating a regular VM. When you complete the New Virtual Machine
Wizard, the VM is created on the Cluster Shared Volumes storage.
The next step is to start the VM and install the guest OS and the
application that you want to run on the VM.

Figure 5: Adding New Virtual Hard Disks on the Cluster Shared Volume

Creating the Highly Available VM Role 

Using the Failover Cluster Manager, go to Administrative Tools and 
open the Failover Cluster Manager console. Navigate to the Roles 
node under the cluster name and right-click to display the context 
menu (Figure 6). 

Select the Configure Role option to start the High Availability
wizard. The first dialog box displayed by the High Availability wizard is
the Select Role dialog box (Figure 7).

Figure 6: Adding a New VM Role

Choose Virtual Machine from the list of roles displayed on the
Select Role dialog box, as shown in Figure 7. Click Next to display the
Select Virtual Machine dialog box (Figure 8).

All of the VMs on both cluster nodes are displayed in the Select 
Virtual Machine dialog box. Scroll through the list of VMs until you 
find the one you want to enable for live migration. I selected the VM 
ORPORTVM1 that I had created earlier. The VM can’t be running
while you perform this operation—it must be in the off or saved 
state to complete the wizard. You can use the Shutdown or Save 
options underneath the list in the dialog box to put the VM into the 
required state. 
Select the check box in front of the VM name and click Next until
you complete the wizard. A Confirmation screen is displayed, and
then the Summary dialog box reports the status of the add role
operation (Figure 9).

If you see a Success result in the description field, as shown in
Figure 9, then the VM is successfully enabled for live migration. If not,
you should review the VM properties and make sure all the VM 
assets can be accessed on all nodes in the cluster. If there’s an error, 
the most common problem is that some of the VM’s files or objects 
can’t be accessed by both physical nodes. One common problem 
is when the VM is using the host’s physical DVD drive. After the 
new role is added, it’s listed in the Failover Cluster Manager’s Roles 
pane, as shown in Figure 10. In Figure 10, you can see that the 
VM ORPORTVM1 is running and that the Current Owner is node 
WS2012-N2. 


Figure 9: Summary Dialog Box Reporting the Status of the Add Role Operation

Figure 10: New VM Role

Initiating Live Migration

After you configure Hyper-V live migration, you can initiate a live
migration using the Failover Cluster Manager. To perform Shared
Storage Live Migration, you must use either the Failover Cluster Manager or
Virtual Machine Manager. You can’t use the Hyper-V Manager. To start
a live migration, expand the Roles node and right-click the VM role you
want to live migrate, which displays the context menu in Figure 11.

Select the Move option displayed in the upper portion of the context
menu. A fly-out menu prompts you for the type of move operation.
You can perform a Live Migration, Quick Migration, or Virtual Machine
Storage migration. Select Live Migration, as shown in Figure 11, and
another fly-out menu prompts you for the target node. You can choose
Best Possible Node or Select Node. Because this example is a two-node
cluster, the results of both selections are the same. However, there can
be as many choices as there are nodes in the cluster. The maximum
number of Server 2012 cluster nodes is 64. Server 2012’s placement
optimization ranks the suitable, live migration targets according to
their available capacity. In this example, I selected Best Possible Node.

Figure 11: Initiating a Live Migration in the Failover Cluster Manager

The Server 2012 Failover Cluster Manager doesn’t give a lot of
feedback about the status of the live migration, but my live migration
took only a few seconds. The length of time it takes depends on the
size and activity of the VM, as well as the speed and activity of the
network connection between the Hyper-V host systems. Typically, my 
network live migrations take between a few seconds and a minute. 
When the live migration completes, the summary pane redisplays and 
the Current Owner value updates with the name of the target node. 
After my live migration, the Current Owner was listed as WS2012-N1. 
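
The same sequence (CSV, VM on the CSV mount point, highly available VM role, live migration) can be driven from the FailoverClusters and Hyper-V PowerShell modules. This is an added example, not the article's own code; the VM, path, switch and node names come from the article, while the memory size, VHD size and the need to convert Cluster Disk 1 are assumptions. Run it on the cluster node that hosts the VM.

```powershell
# Added example: the article's GUI procedure as a script.
# From the article: VM name, CSV mount point, virtual switch name, target node.
# Assumed (not from the article): 1GB startup memory, 40GB VHD, and that
# 'Cluster Disk 1' may still need converting to a CSV.
Import-Module FailoverClusters
Import-Module Hyper-V

$vmName     = 'ORPORTVM1'
$csvPath    = 'C:\ClusterStorage\Volume1'
$switchName = 'External Virtual Network'
$targetNode = 'WS2012-N1'

# 1. Convert the existing cluster disk to a Cluster Shared Volume if needed.
if (-not (Get-ClusterSharedVolume | Where-Object { $_.Name -eq 'Cluster Disk 1' })) {
    Add-ClusterSharedVolume -Name 'Cluster Disk 1' | Out-Null
}

# 2. The external virtual switch must carry the same name on every node,
#    otherwise the VM has no network to attach to after it moves.
$missing = Get-ClusterNode | Where-Object {
    -not (Get-VMSwitch -ComputerName $_.Name -Name $switchName -ErrorAction SilentlyContinue)
}
if ($missing) {
    throw "Virtual switch '$switchName' not found on: $($missing.Name -join ', ')"
}

# 3. Create the VM with its configuration files and VHD on the CSV mount point.
if (-not (Get-VM -Name $vmName -ErrorAction SilentlyContinue)) {
    New-VM -Name $vmName -Path $csvPath -MemoryStartupBytes 1GB `
           -NewVHDPath "$csvPath\$vmName.vhd" -NewVHDSizeBytes 40GB `
           -SwitchName $switchName | Out-Null
}

# 4. The VM must be off or saved before it is made highly available.
$vm = Get-VM -Name $vmName
if ($vm.State -ne 'Off' -and $vm.State -ne 'Saved') {
    Save-VM -Name $vmName
}

# 5. Equivalent of Configure Role > Virtual Machine in the High Availability wizard.
if (-not (Get-ClusterGroup | Where-Object { $_.Name -eq $vmName })) {
    Add-ClusterVirtualMachineRole -VMName $vmName -Name $vmName | Out-Null
}

# 6. Bring the role online, live migrate it, and confirm the new owner node.
Start-ClusterGroup -Name $vmName | Out-Null
Move-ClusterVirtualMachineRole -Name $vmName -Node $targetNode -MigrationType Live | Out-Null
Get-ClusterGroup -Name $vmName | Format-List Name, OwnerNode, State
```
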

Live Migration Reduces Planned Downtime 

Live migration reduces planned downtime for virtual machines and— 
when combined with technologies such as Dynamic Optimization— 
provides the foundation for the dynamic data center and private 
cloud. In this article, I demonstrated how to set up Shared Storage 
Live Migration on an existing two-node cluster. You might also want 
to check out the accompanying video, in which I explain how to
configure live migration on a Server 2012 Failover Cluster. ■

Video: Michael Otey demonstrates how to set up Shared Storage
Live Migration in Windows Server 2012

Feature

What’s New with System Center 2012 Service Manager SP1

These three big features should get you excited to start a deployment

Sometimes, the purpose of Service Manager in relation to the
other System Center 2012 components is misunderstood: Some
people think of Service Manager as a “ticketing system.” The
reality is that Service Manager is a central hub for all of System Center
2012 and indeed the entire IT infrastructure in System Center 2012. (It
also performs ticketing!) If you’ve ever seen a graphic representation
of the System Center 2012 components, Service Manager is typically
drawn in the middle (as you see in Figure 1), emphasizing its
centrality to the full power of System Center 2012.

is a Windows technical specialist, an 11-time MVP, and an MCSE for
Private Cloud and Server Infrastructure 2012. He's a senior contributing
editor to Windows IT Pro and his latest book is Microsoft
Virtualization Secrets (Wiley).

Figure 1: The Components of System Center 2012

I should point out that I’m using the word “component” rather
than “product” to describe Service Manager. Remember that System
Center 2012 is a single product that includes multiple components.
Prior to this release, these pieces were separately purchasable
products. That is no longer the case. If you own System Center 2012, you
own all its components.

I think of Service Manager as the Configuration Management
Database (CMDB) for the entire organization. Because Service Manager has
connections to most of the other System Center components, it knows 
what they know and consolidates that knowledge into a single data 
warehouse. When you look at a Configuration Item (e.g., a computer) 
in Service Manager, you see its hardware and software inventory, its 
patch status, its Active Directory (AD) information, any monitoring 
alerts that relate to it, information about its virtualization, and so on. 
You see everything. The Service Manager 2012 data warehouse also 
allows the inclusion of custom data sources, permitting the collection 
of data from other sources beyond System Center. Work items such 
as incidents, change requests, problem records, release management 
records, and service requests are all native to Service Manager. 

There are also strong partners—such as asset management—that
enhance Service Manager with additional capabilities. Tiers of
support and different groups can be defined, allowing work items to be
routed to the correct group of people. Service level agreements (SLAs)
can be defined, triggering automatic escalation if an SLA reaches a
certain threshold. Service Manager is a library in which you store
knowledge about your environment and processes. Many areas of
Service Manager got improvements in the 2012 version, including a
welcome overall performance boost, but I want to focus on some
specific key new features.

There are many new capabilities in Service Manager 2012 and even 
newer ones in SP1. However, I want to focus on what I think of as 
“the big three” new features that work closely together to enable the 
System Center 2012 Private Cloud solution. 

Integration with Orchestrator and Virtual Machine Manager

Think of any set of activities that you need to perform on any number
of systems and on all the different consoles you use. Consider the
various paths of your actions, and all the complex procedures that need to
be followed. Whatever you think of—provided that set of activities has
some way to be communicated with digitally through an API,
PowerShell, SSH, commands, REST, a defined set of activities provided in
an Integration Pack, or anything else—can be automated as a runbook
within System Center Orchestrator. Once most people get a look at
what’s possible with Orchestrator and see how simple it is to create
runbooks through a graphical designer, they quickly regard
Orchestrator as the System Center component they can’t live without. They soon
begin creating runbooks to automate manually intensive processes.

Service Manager 2012 is tightly integrated with Orchestrator,
allowing all defined runbooks to be synchronized into the Service Manager
2012 database, using the built-in Orchestrator connector. (Note that the 
actual runbook code isn’t synchronized but rather the list of available 
runbooks and the data-initialization parameters necessary to launch 
each runbook.) This allows Service Manager to remotely trigger the 
execution of a runbook by passing the required parameters. Using this 
approach, it’s possible to create runbook-automation activity templates, 
which can then be used in standard service request templates, incident 
templates, or any other kind of work item. These runbook activities 
can be included in the overall process for these different types of work 
items to automate the process (or portions of the process). 

Virtual Machine Manager (VMM) also integrates with Service Manager,
and the built-in connector pulls information about the virtual
environment into Service Manager. This includes objects such as
virtual machines (VMs), VM templates, networks, hosts, and clouds.
(Some of this functionality comes via Operations Manager, as well.)
Giving Service Manager information about the virtual infrastructure
enables a number of private cloud management scenarios, such as
creating VMs and entire clouds via requests made through Service
Manager. A further change in Service Manager SP1 is VM chargeback.
Chargeback is a new set of objects in Service Manager that
allows pricing to be defined for different virtualization resources such
as VMs, CPUs, memory, or storage. As VMs are consumed by business
units, reports can be generated that show each business unit the
actual dollar charge for the virtualization resources it has used.
Figure 2 shows a sample pricing sheet object in Service Manager. Note
that the options include not only pricing for common resources such
as CPU, memory, and storage but also for more advanced features
such as the use of high availability and a static IP address.


Figure 2: New Pricing Sheet Available in System Center 2012 SP1



Request Offerings, Service Offerings, and the Service Catalog

Service Manager 2012 introduces a number of capabilities that relate
to offering services to users—a key building block of the industry shift
toward IT organizations acting as service providers to the broader
organization. The first step in offering a service is to create a request
offering. Each request offering is based on either an incident template
or service request template that defines some default values such as
the title, the urgency, and the group it will be assigned to when a user
requests it. These templates also define the process to be followed to
fulfill that request. As a simple example, the template might have a
two-step process to get approval from the requestor’s manager and
then to execute a runbook in Orchestrator to provision a new VM.

A request offering can be given a title, a custom 32 × 32 image, and
a description, and then the administrator can define a number of
questions for the user, requesting specific pieces of information. The
administrator then defines how each user response is mapped to the
resulting service request or incident on creation.

Figure 3 shows a sample request offering that will prompt the user
for a new VM name, its owner, a cloud to deploy to, and a VM template
to use. Rather than creating just simple text boxes, you can
also create lists for users to select from. In Figure 3, I’m using the
list option for the cloud and template selections; however, you could
also make this a Query Result, which would display a list of options
based on what had been populated in the Service Manager CMDB
from VMM. In my sample scenario, which calls a runbook, some of
the user responses would likely be mapped to the inputs expected by
the runbook. When creating request offerings, it’s important to set
the status to Published, which is in the Publish section of the Request
Offering, or the offerings won’t be visible to the user nor be available
to be placed into our next step: a service offering.

Figure 3: A Request Offering

A service offering allows the logical grouping of request offerings. 
Like a request offering, a service offering has a title, its own icon and 
description, a category, and information such as SLAs and cost. One 
or more request offerings are added to a service offering, as Figure 4 
shows. In my example, I’ve created a virtualization service offering
and I’ve added all my virtualization-related request offerings to it. 
Essentially, you’re defining a type of service, and the request offerings 
are the actual services that the user can request. So, virtualization is 
the service, whereas creating a VM, changing VM ownership, and 
changing quotas are all services that the user might want to request. 


Figure 4: Adding Request Offerings into a Service Offering

The request offerings and the service offerings make up the service
catalog, which is the sum of the services and assistance you want to 
make available to the end users to request. 

Self-Service Portal 

In the previous section, I discussed making offerings available to users— 
but how do users access them? Service Manager 2010 had a web-based 
self-service portal, but it was functionally limited and difficult to use. 
Service Manager 2012 features a brand-new self-service portal built 
on SharePoint 2010. (Yes, even with Service Manager 2012 SP1, at the 
time of this writing, only SharePoint 2010 can be used, which means 
although every other component of System Center 2012 SP1 supports 
Windows Server 2012, the web portal for Service Manager needs to 
run on Windows Server 2008 R2. However, this should change soon.) 
The new portal uses Silverlight, which means all the customization of 
SharePoint can be leveraged for the portal. Additionally, the web parts 
that make up the Service Manager 2012 web portal can be integrated 
into an existing SharePoint deployment. Figure 5 shows the self-service 
portal home page, and the emphasis on the service catalog is immediately
evident: All the service offerings you’ve created are presented
in the default Category view. There’s also a List view (which Figure 6 
shows), showing all the request offerings created. As you can see, the 
Category view is a better experience for users, allowing them to select 
the type of service they’re interested in. Once selected, the specific 
request offerings for that service are displayed, as Figure 7 shows. 

When a user selects a specific request offering, he or she is taken
to a new page showing any related Help articles and service offerings,
with a button to go to the actual request form. A common request I
hear from customers is to cut out this page because it just slows down
users’ attempts to get where they want to go. However, the goal is to
be able to present users with information, so perhaps they don’t need
to fill out the request at all. Figure 8 shows the actual request
offering form. Remember the fields that were configured in the request
offering way back in Figure 3? This is what the user sees as a result of
those information prompts. Once the user completes all the fields, he
or she is taken to a review screen when the request is submitted and
the user will be given the ID of the new service request.

Figure 5: The Main Service Manager 2012 Self-Service Portal

Figure 6: The Alternate List View

Figure 7: The Layout for a Service Offering

Note the links on the left side of the self-service portal. The Home 
link takes you to the home page of the service catalog. Help Articles lets 
you search for help. My Requests lets you see open requests and update 
them. My Activities shows only activities for you to perform. Returning 
to the VM creation scenario, in which the manager has to approve the 
request prior to actual VM creation, that approval is a review activity 
assigned to that manager. The manager could log on to the self-service 
portal, and those review activities would be listed under My Activities. 
Assuming the manager approves the review activity, Service Manager
would kick off the automated runbook in Orchestrator to create the VM. 
Figure 8: The User Form for a Request Offering



What Do We Get? 

When you put these three things together, you have the ability to
present users a catalog of services that they can request. Each type
of request can gather specific information needed by the IT
organization to fulfill that request. Because the information from the
user is captured in a structured way and mapped to either a Service
Request or an Incident, you can easily pass that data into an
Orchestrator runbook to automatically fulfill all of or part of that
request.

Users have one place to request virtually any kind of service. It
could be a new VM running an Orchestrator runbook that triggers
things on VMM. It could be a request for an application running an
Orchestrator runbook that triggers activities on Configuration Manager.
(You can download Application Approval Workflow to help with
this.) It could be resetting Apache on 20 Linux boxes that triggers
Orchestrator to run some SSH commands on the target boxes that
application owners can leverage instead of having to bother the IT
administrators. It could be requesting a new chair that just raises a
request ticket in Service Manager. (I walk through the entire process
in the accompanying video.)


Video: John Savill shows how to use System Center 2012 to deploy a
virtual machine


The Best of the Rest 

There are many features beyond the big three I’ve discussed, and 
I’ll just touch on some of them here. I mentioned SLAs earlier; this 
concept was present in Service Manager 2010 but SLAs weren’t very 
usable because they basically just started a clock, and when a certain 
amount of time had passed, the SLA threshold was triggered. That 
was unfortunate if the ticket was opened at 5:00 p.m. on Friday. In
Service Manager 2012, calendars can be created and different calendars
assigned to different groups of work items. Normal work items
can be tracked only during working hours, but for special groups of 
work items the SLA can extend later into the evening. 

Service Manager 2012 introduces a new type of work item called 
the release record, which can be used to coordinate the release
management process of rolling out a line-of-business (LOB) application
or applying changes during a maintenance window. Service Manager
now also allows the creation of parent-child relationships for incident,
change, and release management work items. With the new parent-child
capability, incidents can be linked to an existing parent incident.
This means that when the parent incident is resolved, all the child 
items will also be (optionally) resolved. This is useful when your email 
server goes down and you have 500 tickets related to no email service. 
Now, when you fix the email server and resolve the associated parent 
incident, all those user tickets get resolved automatically. 

Each component of System Center 2012 has different upgrade processes.
Some can be migrated, and some have to be reinstalled while
pointing to an existing database. Service Manager is one of the best in 
this regard, allowing an in-place upgrade from Service Manager 2010, 
making the adoption of Service Manager 2012 fairly painless. 

Note that Service Manager 2012 SP1, like the rest of System Center 
2012 SP1, now supports Windows Server 2012 and SQL Server 2012, 
making it possible to deploy on the latest OS and SQL Server versions. 
Note that Service Manager doesn’t support an installation on Server 
Core, as confirmed at TechNet.

For most organizations, the new Service Catalog feature available in 
the web portal, coupled with the tight integration with Orchestrator, 
will be the must-have feature. However, some organizations haven’t 
yet taken advantage of many existing features or even tried Service 
Manager yet. Hopefully, this article will get you excited enough to start 
planning a Service Manager deployment in your organization.
FAQ

Answers to Your Questions

Q: How do I enable my existing Key Management Service (KMS) server
to support Windows Server 2012 R2 and Windows 8.1?

A: Install the update available at the Microsoft Support site to
add KMS support for Server 2012 R2 and Windows 8.1.

—John Savill

Q: Can I use Windows Azure as the host for an SMB share, to use for
my failover-cluster witness?

A: Technically, the answer is yes. This is because a virtual
machine (VM) can be created in Windows Azure that can
host an SMB file share, and that Windows Azure virtual network can
be connected to your on-premises environment, using its site-to-site
gateway functionality.

However, in most cases it wouldn’t be practical, especially if, as is
most likely, you want to use Windows Azure because you have two
data centers hosting nodes and want Windows Azure as the “third
site.” The problem is, at time of writing, a Windows Azure virtual
network supports only a single instance of the site-to-site gateway.
This means it could be connected to only one of the data centers.

If the data center failed, the virtual network connected to the other
data center would have no access to Windows Azure. Therefore, the
virtual network wouldn’t be able to see the file-share witness and
wouldn’t be able to use its vote and make quorum, rendering it useless.
When Windows Azure eventually supports multiple site-to-site
gateways, then using it for the file-share witness would become a
more practical solution.

—John Savill

Q: Why should I create separate cloud services for my virtual
machines (VMs) in Windows Azure IaaS?

A: A VM hosted within Windows Azure IaaS must exist within
a cloud service. Multiple VMs can also be part of the same
cloud service.

Cloud services were previously the boundary of communication
between services; however, with virtual networks it’s now possible
for multiple cloud services to use the same virtual network and
communicate with each other. The question, therefore, becomes when to
create separate cloud services for VMs.

There’s no definitive answer. Consider that each cloud service
has its own public IP address, so if services need to be published to
the Internet with unique IP addresses, then separate cloud services
would be required. Additionally, if there are separate teams of users/
developers who manage their own cloud services, then giving each
group their own cloud service would certainly make sense. However,
the only reason you would have to use multiple cloud services is if
there were more than 50 VMs, which, at time of writing, is the maximum
number of VMs in a single cloud service.

—John Savill 

Q: How can I make an existing virtual machine (VM) a failover
cluster resource in Windows Server 2012?

A: If you have VMs on cluster nodes that aren’t currently cluster
resources, it’s a simple process to make them highly
available. Make sure they’re using cluster storage (such as a Cluster
Shared Volume). Here are the steps to follow:

1. Start Failover Cluster Manager.

2. Expand the Roles cluster.

3. Select the Configure Role action.

4. Click Next to get to the wizard.

5. In the Select Role dialog box, select Virtual Machine as the
type, and click Next.

6. Select all the VMs you want to make highly available (see
Figure 1), and click Next.

7. Click Next to the confirmation.

8. Click Finish to the report, which should show Success for all. If
there are warnings, check and resolve problems, if needed.

Figure 1: High Availability Wizard

—John Savill 
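
A scripted counterpart to the wizard steps in the answer above, added here as an example and not part of the original article. It assumes the Hyper-V and FailoverClusters PowerShell modules on a cluster node, and it treats "cluster storage" as Cluster Shared Volumes at the default mount point, which is an assumption of this sketch.

```powershell
# Added example, not from the article. Run elevated on a cluster node.
Import-Module Hyper-V, FailoverClusters

# Assumption: cluster storage means Cluster Shared Volumes at the default mount point.
$csvRoot = Join-Path $env:SystemDrive 'ClusterStorage'

function Get-VMStoragePath {
    param([Parameter(Mandatory = $true)] $VM)
    # Configuration, checkpoint and smart-paging locations plus every virtual disk.
    @($VM.ConfigurationLocation, $VM.SnapshotFileLocation, $VM.SmartPagingFilePath) +
        @($VM.HardDrives | ForEach-Object { $_.Path }) |
        Where-Object { $_ }
}

function Test-OnClusterStorage {
    param([string[]] $Path)
    # Any file outside the CSV root would stay behind on one node after a failover.
    $offCsv = @($Path | Where-Object {
        -not $_.StartsWith("$csvRoot\", [System.StringComparison]::OrdinalIgnoreCase)
    })
    return ($offCsv.Count -eq 0)
}

# Only VMs that are not yet cluster resources are candidates.
foreach ($vm in Get-VM | Where-Object { -not $_.IsClustered }) {
    $paths = Get-VMStoragePath -VM $vm
    if (Test-OnClusterStorage -Path $paths) {
        Add-ClusterVirtualMachineRole -VMId $vm.VMId | Out-Null
        "{0}: added as a clustered role" -f $vm.Name
    }
    else {
        "{0}: skipped, files outside {1}: {2}" -f $vm.Name, $csvRoot, ($paths -join '; ')
    }
}

# Counterpart of reading the wizard report: list the VM roles and their state.
Get-ClusterGroup |
    Where-Object { $_.GroupType -eq 'VirtualMachine' } |
    Select-Object Name, OwnerNode, State
```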
Q: We noticed some W32Time error messages in the System event log
on a domain controller (DC). How can we troubleshoot Windows time
synchronization?

A: Windows includes a utility named W32tm.exe for troubleshooting
and fixing time-synchronization problems. But
before you begin W32tm.exe-based troubleshooting, you need to
make sure that the Windows Time service is up and running on your
computers. In addition, you need to make sure that the service is set
to start automatically. If the Windows Time service isn’t running,
all logon attempts will fail. Here are some interesting W32tm.exe
options to help you troubleshoot your Windows time-synchronization
problems:

To view the current time client configuration on a Windows computer,
run the command

W32tm /query /configuration 

To force a clock resynchronization on the local computer, use the 
command 

W32tm /resync 

To list the time skew on each DC in the domain named Research, 
use the command 

W32tm /monitor /domain:Research 

To force a DC to synchronize time using the default domain time 
server hierarchy scheme, run the command 

W32tm /config /syncfromflags:DomHier 




You can find the complete W32tm.exe syntax and more information 
about the Windows Time service in the TechNet articles “W32tm” 
and “Windows Time Service Tools and Settings,” respectively. 

—Jan De Clercq 
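
The checks described in the answer above, as an added example that is not part of the original article: confirm the Windows Time service state, then parse W32tm /monitor output and flag DCs whose offset is too large. The sample output is constructed, its layout (a host line followed by an indented "NTP: ... offset" line) is an assumption about what W32tm /monitor prints, and the 300-second threshold is the Kerberos default clock-skew tolerance of 5 minutes.

```powershell
# Added example, not from the article.
$MaxSkewSeconds = 300   # Kerberos default maximum clock skew (5 minutes)

function Get-TimeServiceState {
    # Before any W32tm.exe work: State should be Running, StartMode should be Auto.
    Get-CimInstance Win32_Service -Filter "Name='W32Time'" |
        Select-Object Name, State, StartMode
}

function ConvertFrom-W32tmMonitor {
    param([string[]] $Lines)
    $dc = $null
    foreach ($line in $Lines) {
        if ($line -match '^(?<dc>[^\s\[]+).*\[[^\]]+\]:\s*$') {
            $dc = $Matches['dc']                       # host line opens a new record
        }
        elseif ($dc -and $line -match '^\s+NTP:\s*(?<off>[+-]?\d+\.\d+)s offset') {
            [pscustomobject]@{ DC = $dc; OffsetSeconds = [double]$Matches['off']; Error = $null }
            $dc = $null
        }
        elseif ($dc -and $line -match '^\s+NTP:\s*error\s+(?<err>.+)$') {
            [pscustomobject]@{ DC = $dc; OffsetSeconds = $null; Error = $Matches['err'].Trim() }
            $dc = $null
        }
    }
}

function Test-DcTimeSkew {
    param([string[]] $Lines, [double] $Threshold = $MaxSkewSeconds)
    ConvertFrom-W32tmMonitor -Lines $Lines | ForEach-Object {
        # A DC that does not answer is as much a finding as one that has drifted.
        if ($null -ne $_.Error) { $bad = $true }
        else { $bad = [math]::Abs($_.OffsetSeconds) -gt $Threshold }
        $_ | Add-Member -NotePropertyName NeedsAttention -NotePropertyValue $bad -PassThru
    }
}

# Constructed sample output (host names and addresses are placeholders).
$sample = @(
    'dc01.research.example *** PDC ***[10.0.0.10:123]:'
    '    ICMP: 0ms delay'
    '    NTP: +0.0000000s offset from dc01.research.example'
    "        RefID: 'LOCL' [0x4C434F4C]"
    'dc02.research.example[10.0.0.11:123]:'
    '    ICMP: 1ms delay'
    '    NTP: -0.0312456s offset from dc01.research.example'
    'dc03.research.example[10.0.0.12:123]:'
    '    ICMP: 1ms delay'
    '    NTP: +412.5031200s offset from dc01.research.example'
    'dc04.research.example[10.0.0.13:123]:'
    '    ICMP: 2ms delay'
    '    NTP: error ERROR_TIMEOUT - no response from server in 1000ms'
)

Test-DcTimeSkew -Lines $sample | Format-Table DC, OffsetSeconds, Error, NeedsAttention

# Against a live domain, feed the real command output instead of the sample:
#   Get-TimeServiceState
#   Test-DcTimeSkew -Lines (W32tm /monitor /domain:Research)
```

With the constructed sample, dc03 (offset above 300 seconds) and dc04 (no NTP response) are the two rows marked NeedsAttention.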

Q: What keys should I use in my Windows Server 2012 R2 virtual
machines (VMs) to use Automatic Virtual Machine Activation (AVMA)?

A: Server 2012 R2 introduces a new feature, AVMA, that allows
VMs running Server 2012 R2 to automatically activate, provided
the Hyper-V host they’re running on is Windows Server 2012
R2 Datacenter and is itself activated. To tell the VM to use AVMA, you 
need to give the VM a specific key (this acts very similar to the keys 
used to tell machines to use KMS). 

You can find more information about the keys to use for Server 
2012 R2 in “Automatic Virtual Machine Activation.” The keys are: 

• Server Standard: DBGBW-NPF86-BJVTX-K3WKJ-MTB6V 
• Server Datacenter: Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW 
• Server Essentials: K2XGM-NMBT3-2R6Q8-WF2FK-P36R2 


—John Savill

Q: How can I request a certificate from a Windows machine with
Subject Alternative Names (SAN)?

A: There are many services that use alternate names besides the
host name for communications, either for initial communications
or ongoing communications. For example, work folders requires the
server to authenticate when communicated to as workfolders.<domain.com>;
work place join requires the AD FS server to authenticate when
communicated as enterpriseregistration.<domain.com>; and there are
many more. Fortunately, this is easy to configure.

First, ensure you have a certificate template available that machines
or users can enroll with and that isn’t configured with automatic
subject name configuration. Then do the following:

1. Within the Certificates snap-in that has been configured with 
focus on the local computer account, select Personal certificates, 
and select the All Tasks, Request New Certificate action. 

2. Click Next to the Enrollment wizard. 

3. Ensure Active Directory Enrollment Policy is selected; click Next. 

4. Select the certificate you want to leverage (e.g., Web Server), 
click the Details arrow, and click Properties. 

5. In the Subject tab, select the subject name, then the required 
alternative name (see Figure 2). 

6. Click OK, then click Enroll. 


Figure 2: Certificate Properties

The new certificate will be available and can be configured to be used
with HTTPS binding and other services.

—John Savill 
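
The answer above uses the Certificates snap-in; the following added example (not part of the original article) requests the same kind of certificate from the command line with certreq.exe and then checks which names the CA actually issued. The contoso.example names, the file paths, and the optional CA configuration string are placeholders, and the template short name WebServer is assumed to accept a subject supplied in the request.

```powershell
# Added example, not from the article. Run elevated; all names below are placeholders.
$hostName = 'server01.contoso.example'
$altNames = 'workfolders.contoso.example', 'enterpriseregistration.contoso.example'
$template = 'WebServer'      # assumed template short name
$caConfig = $null            # e.g. 'CAHOST\CA-NAME'; $null lets certreq prompt for the CA

function New-SanRequestInf {
    param([string] $Subject, [string[]] $DnsNames, [string] $Template)
    # 2.5.29.17 is the Subject Alternative Name extension; one dns= entry per name.
    @(
        '[Version]'
        'Signature="$Windows NT$"'
        ''
        '[NewRequest]'
        "Subject = ""CN=$Subject"""
        'KeyLength = 2048'
        'MachineKeySet = TRUE'
        'Exportable = FALSE'
        'RequestType = PKCS10'
        ''
        '[Extensions]'
        '2.5.29.17 = "{text}"'
    ) + @($DnsNames | ForEach-Object { "_continue_ = ""dns=$($_)&""" }) + @(
        ''
        '[RequestAttributes]'
        "CertificateTemplate = $Template"
    )
}

function Invoke-Certreq {
    param([string[]] $Arguments)
    & certreq.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "certreq $($Arguments[0]) failed with exit code $LASTEXITCODE" }
}

function Get-IssuedSan {
    param([string] $Subject)
    # Newest certificate in the computer's Personal store with the requested subject.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$Subject" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { return $null }
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) { $ext.Format($true) } else { '' }
}

$work = Join-Path $env:TEMP 'san-request'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'request.inf'
$req = Join-Path $work 'request.req'
$cer = Join-Path $work 'issued.cer'

# The host name is repeated as a SAN entry next to the alternate names.
$names = @($hostName) + $altNames
New-SanRequestInf -Subject $hostName -DnsNames $names -Template $template |
    Set-Content -Path $inf -Encoding ASCII

Invoke-Certreq -Arguments @('-new', $inf, $req)
$submit = @('-submit')
if ($caConfig) { $submit += '-config', $caConfig }
Invoke-Certreq -Arguments ($submit + @($req, $cer))
Invoke-Certreq -Arguments @('-accept', $cer)

# Confirm the issued certificate carries every requested name and nothing unexpected.
$issued = Get-IssuedSan -Subject $hostName
$issued
$missing = $names | Where-Object { $issued -notmatch [regex]::Escape("DNS Name=$_") }
if ($missing) { Write-Warning "Not in issued certificate: $($missing -join ', ')" }
```

Because a template without automatic subject naming accepts whatever names the request contains, the final check of the issued SAN list and tight Enroll permissions on that template are worth keeping in place.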


Windows IT Pro / January 2014

WWW.WINDOWSITPRO.COM

New & Improved 




Product News 
for IT Pros 


STORServer Offers CommVault Simpana Backup Appliances 

STORServer announced that it is offering backup appliances built on
CommVault Simpana 10 data and information management software.
As enterprises of all sizes continue to embrace turnkey systems to
solve backup and recovery challenges, customers can deploy scale-out
data protection in minutes with the STORServer appliance preconfigured
and pre-tested with Simpana 10 software. The STORServer
Backup Appliance line is a family of purpose-built backup appliances
designed specifically for the automation, performance, and price-point
demanded by growing companies. The appliance is composed of
uniquely integrated hardware and software components in a quickly
implemented, easy-to-use, and fully supported solution. CommVault
Simpana blends physical and virtual machine (VM) protection, hardware
snapshots, workflow automation, endpoint protection, global
deduplication, replication, search, and intuitive reporting within a
single platform. For more information about the STORServer line of
data backup solutions, visit the STORServer website.




Lieberman and Securonix Partner to Provide Privileged 
Identity Risk and Threat Analytics 

Lieberman Software and Securonix have partnered to help IT security
and compliance professionals more closely monitor and analyze
insider threats based on privileged user activities across the enterprise.
This joint integration enables the Securonix Security Intelligence
Platform to consume Lieberman Software’s Enterprise Random Password
Manager (ERPM) Privileged Identity Management (PIM) events in real
time for automated detection of anomalous user or account behavior,
as well as advanced privileged identity analytics. “We are pleased to
continue to lead the emerging identity analytics market by providing
advanced risk analytics for privileged identities,” said Sachin Nayyar,
CEO of Securonix. For more information, visit the Lieberman Software
and Securonix websites.


Mobile Workers Can Now Tap Yammer 
and SharePoint in One App 

With its new integration of Microsoft Office 365/SharePoint and Yammer,
harmon.ie announced the industry’s first comprehensive mobile
collaboration app. Combining the most popular Microsoft document
sharing and social applications into a single mobile app, harmon.ie
gives mobile business users the power to share documents and collaborate
with colleagues using SharePoint online or on premises, SkyDrive
Pro, email, telephone, and now Yammer social within a single native
app on iOS, Android, and BlackBerry 10 devices. Previously available in
harmon.ie for Outlook on the desktop, Yammer is now integrated into
harmon.ie Mobile and the new harmon.ie Outlook Web App (OWA) in
the cloud. Delivering a complete social offering, harmon.ie enterprise
users now have seamless SharePoint document and Yammer social
collaboration on the desktop, on tablets and smartphones, and in the
cloud—making the mobile enterprise a reality by putting business tools
to work for the everyday user through a single mobile work experience.
For more information, visit the harmon.ie website.

Quantum Cuts Data Center Storage Costs 

Quantum announced a new solution integrating Rocket Arkivio data
archiving software with Quantum’s Lattus Object Storage to reduce
primary storage and backup costs by archiving static, unstructured
data. With the combined solution, customers can save 30 percent or
more in annual storage expenses and, in many cases, pay back their
investment within one year. For customers who need to retain and
access hundreds of terabytes of unstructured data, Quantum Lattus
Object Storage is a self-healing, self-protecting private cloud solution
that enables more efficient primary storage usage, delivers extreme
archive data resiliency and protection, and offers low-latency disk
access to archive data. Compared with RAID or tape storage, Lattus
Object Storage provides the most effective solution on a
cost/performance basis for active access, retention and protection of
unstructured data in large archive environments. For more information,
check out the Quantum website.


Catbird Announces Microsoft Hyper-V Server 2012 Support 

Catbird Networks announced Catbird vSecurity for Microsoft Hyper-V.
Security and compliance through Catbird vSecurity provides clients
with an automated method to measure against compliance standards
and mitigate risk, greatly reducing audit-preparation costs and the
inherent complexities that come with managing compliance regulations.
Catbird vSecurity includes comprehensive network security
controls such as IDS/IPS, Firewall Orchestration, and Vulnerability
Management. It captures and analyzes security and hypervisor
events, automatically mapping to various compliance frameworks,
including PCI, HIPAA, FISMA, and COBIT, presenting users with a
visual one-to-one mapping of the current compliance state of their
cloud-based infrastructure. It also automates the quarantine of assets
upon compliance policy violations. Catbird vSecurity for Microsoft
Hyper-V is the ideal solution for a wide variety of virtualized data
centers. For more information, see the Catbird website.




Metalogix Aims for the AWS Cloud 

Metalogix announced the delivery of the Metalogix Total Email
Management and Migration solution for the Amazon Web Services (AWS)
cloud. Offering simplified cloud migration, Metalogix is enabling
businesses to increase flexibility and scalability, while dramatically
reducing costs by moving email and file data off expensive proprietary
storage systems and by eliminating additional hardware requirements
through the use of the AWS cloud. The Metalogix Total Email
Management and Migration solution for AWS delivers comprehensive
services for email archiving, backup, security, migration, and
continuity for the cloud. As a result, organizations can easily migrate and
archive their email and user data into the Amazon Virtual Private
Cloud (VPC) environment while still maintaining stringent security
and control over their business-critical information. The Metalogix
Total Email Management and Migration Solution is the industry’s
first dynamic email management suite to transparently migrate, store,
secure, and protect email and file content for on-premises and cloud
environments. For more information, visit the Metalogix website.


Devolutions Adds 200 Improvements to Remote Desktop Manager 9

After months of beta testing supported by its global community of IT
pros, Devolutions has launched its much-anticipated Remote Desktop
Manager 9. Remote Desktop Manager is an all-in-one centralized tool
that enables IT pros and teams to add, edit, delete, share, organize,
find, and manage all of their remote connections and virtual machines
(VMs). They can also control password management and credentials
management anytime, anywhere. You can find a full list of the key
improvements and enhancements in version 9 at the Remote Desktop
Manager 9 Change History page. “When we launched Remote Desktop
Manager in 2010, it was as a tool,” commented Devolutions’ CEO and
founder David Hervieux. “Last year, when we released version 8, it had
developed into a product. And now with version 9, it has evolved even
further as a complete business solution and integrated platform.” For
more information, see the Devolutions website.